Update Cosmos notes related to RBAC (#4822)

dotnet · Oct 1, 2024 · 72bcbcc · 72bcbcc
1 parent 4dcd006
commit 72bcbcc
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/entity-framework/core/providers/cosmos/index.md b/entity-framework/core/providers/cosmos/index.md
@@ -68,12 +68,13 @@ The Azure Cosmos DB provider for EF Core has multiple overloads of the [UseCosmo
 
 > [!IMPORTANT]
 > Make sure to understand [_Secure access to data in Azure Cosmos DB_](/azure/cosmos-db/secure-access-to-data) to understand the security implications and best practices for using each overload of the `UseCosmos` method.
+> Generally, RBAC with token credentials is the recommended access-control mechanism.
 
 | Connection Mechanism       | UseCosmos Overload                                                     | More information                                                                          |
-|----------------------------|------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|
-| Account endpoint and key   | `UseCosmos<DbContext>(accountEndpoint, accountKey, databaseName)`      | [Primary/secondary keys](/azure/cosmos-db/secure-access-to-data#primary-keys)             |
-| Account endpoint and token | `UseCosmos<DbContext>(accountEndpoint, tokenCredential, databaseName)` | [Resource tokens](/azure/cosmos-db/secure-access-to-data#primary-keys)                    |
-| Connection string          | `UseCosmos<DbContext>(connectionString, databaseName)`                 | [Work with account keys and connection strings](/azure/cosmos-db/scripts/cli/common/keys) |
+|----------------------------|------------------------------------------------------------------------|----------------------------------------------------------------------------------------------|
+| Account endpoint and key   | `UseCosmos<DbContext>(accountEndpoint, accountKey, databaseName)`      | [Primary/secondary keys](/azure/cosmos-db/secure-access-to-data#primary-keys)                |
+| Account endpoint and token | `UseCosmos<DbContext>(accountEndpoint, tokenCredential, databaseName)` | [RBAC and Resource tokens](/azure/cosmos-db/secure-access-to-data#role-based-access-control) |
+| Connection string          | `UseCosmos<DbContext>(connectionString, databaseName)`                 | [Work with account keys and connection strings](/azure/cosmos-db/scripts/cli/common/keys)    |
 
 ## Azure Cosmos DB options
 

diff --git a/entity-framework/core/what-is-new/ef-core-9.0/whatsnew.md b/entity-framework/core/what-is-new/ef-core-9.0/whatsnew.md
@@ -279,7 +279,7 @@ For more information, [see the documentation section on pagination](xref:core/pr
 
 ### Role-based access
 
-Azure Cosmos DB for NoSQL includes a [built-in role-based access control (RBAC) system](/azure/cosmos-db/role-based-access-control). This is now supported by EF9 for both management and use of containers. No changes are required to application code. See [Issue #32197](https://github.com/dotnet/efcore/issues/32197) for more information.
+Azure Cosmos DB for NoSQL includes a [built-in role-based access control (RBAC) system](/azure/cosmos-db/role-based-access-control). This is now supported by EF9 for all data plane operations. However, Azure Cosmos DB SDK does not support RBAC for management plane operations in Azure Cosmos DB. Use Azure Management API instead of `EnsureCreatedAsync` with RBAC.
 
 ### Synchronous I/O is now blocked by default