Resource Tokens – Nonrelational Databases in Azure
Resource Tokens
Resource tokens allow time-limited access to Azure Cosmos DB resources such as containers, partition keys, items, stored procedures, triggers, and user-defined functions. These tokens are initially created when a user is granted permissions to a specific resource and are valid for a preset time limit. The default time limit for a resource token is one hour, and it can be extended to a maximum of five hours. Resource tokens are re-created when a user makes an API request (GET, PUT, or POST) to Azure Cosmos DB.
Azure Cosmos DB database users are identity constructs that provide permissions to specific objects in a database, much like contained database users in Azure SQL. Users can be granted different levels of access to database resources using a set of permissions, also known as a permission resource. Permissions are authorization tokens associated with a database user that are used to authorize access to different database resources. Permission resources offer the following levels of access for database resources:
- All—This mode provides read, write, and delete access to a resource.
- Read—This mode provides read-only access to a resource.
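The permission resource and token lifetime described above, shown as an added example that is not code from the original text: it builds (but does not send) a Cosmos DB REST "Create Permission" request with the token lifetime set through the x-ms-documentdb-expiry-seconds header, and checks when a client should fetch a fresh token. The database, user, container, and permission names are constructed, the helper names are hypothetical, and the master-key authorization header a real request needs is omitted.

```python
import json

DEFAULT_TTL_SECONDS = 3600       # default resource token lifetime: one hour
MAX_TTL_SECONDS = 5 * 3600       # maximum lifetime: five hours
PERMISSION_MODES = ("All", "Read")


def build_permission_request(database, user, container, permission_id,
                             mode="Read", ttl_seconds=DEFAULT_TTL_SECONDS,
                             partition_key=None):
    """Return the REST request that grants `user` a permission on `container`.

    Defaults to Read so that write/delete access ("All") must be requested
    explicitly, and refuses lifetimes outside the one-hour default to
    five-hour maximum window's upper bound.
    """
    if mode not in PERMISSION_MODES:
        raise ValueError(f"permissionMode must be one of {PERMISSION_MODES}")
    # Lower bound is a sanity check chosen for this example.
    if not 0 < ttl_seconds <= MAX_TTL_SECONDS:
        raise ValueError("ttl_seconds must be between 1 and 18000")

    body = {
        "id": permission_id,
        "permissionMode": mode,
        "resource": f"dbs/{database}/colls/{container}",
    }
    if partition_key is not None:
        # Scope the token to a single partition key value.
        body["resourcePartitionKey"] = [partition_key]

    return {
        "method": "POST",
        "path": f"/dbs/{database}/users/{user}/permissions",
        "headers": {"x-ms-documentdb-expiry-seconds": str(ttl_seconds)},
        "body": json.dumps(body),
    }


def needs_refresh(issued_at, ttl_seconds, now, margin_seconds=300):
    """True when a token issued at `issued_at` (epoch seconds) is within
    `margin_seconds` of expiry and a new one should be requested."""
    return now >= issued_at + ttl_seconds - margin_seconds


if __name__ == "__main__":
    # Constructed sample: read-only token for one tenant's partition.
    print(build_permission_request("salesdb", "reporting-user", "orders",
                                   "read-orders", partition_key="tenant-42"))
```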
Data Encryption
Data encryption at rest and in transit is provided out of the box for Azure Cosmos DB. There are no controls to turn encryption on or off. Azure Cosmos DB supports data encryption in transit with TLS version 1.2 or higher. Data stored in Azure Cosmos DB is encrypted at rest with keys that are managed behind the scenes by Microsoft. Organizations also have the option to add a second layer of encryption with their own keys.
Azure Cosmos DB Common Connectivity Issues
As with any data storage service, issues will sometimes occur when interacting with Azure Cosmos DB. These issues are typically related to bad request exceptions, unauthorized requests, or forbidden exceptions. The following sections include common Azure Cosmos DB connectivity issues and how to troubleshoot them.