public async Task PermissionTests(bool directMode) { CosmosClient client = directMode ? DirectCosmosClient : GatewayCosmosClient; Database database = client.GetDatabase(DatabaseId); List <string> createdPermissionIds = new List <string>(); List <string> createdContainerIds = new List <string>(); string userId = Guid.NewGuid().ToString(); UserCore user = null; try { UserResponse createUserResponse = await database.CreateUserAsync(userId); Assert.AreEqual(HttpStatusCode.Created, createUserResponse.StatusCode); user = (UserInlineCore)createUserResponse.User; ContainerResponse createContainerResponse = await database.CreateContainerIfNotExistsAsync(Guid.NewGuid().ToString(), partitionKeyPath : "/pk"); Container container = createContainerResponse.Container; PermissionResponse permissionResponse = await user.CreatePermissionAsync(new PermissionProperties("BasicQueryPermission1", PermissionMode.All, container)); createdContainerIds.Add(createContainerResponse.Container.Id); createdPermissionIds.Add(permissionResponse.Permission.Id); createContainerResponse = await database.CreateContainerIfNotExistsAsync(Guid.NewGuid().ToString(), partitionKeyPath : "/pk"); container = createContainerResponse.Container; permissionResponse = await user.CreatePermissionAsync(new PermissionProperties("BasicQueryPermission2", PermissionMode.All, container)); createdContainerIds.Add(createContainerResponse.Container.Id); createdPermissionIds.Add(permissionResponse.Permission.Id); createContainerResponse = await database.CreateContainerIfNotExistsAsync(Guid.NewGuid().ToString(), partitionKeyPath : "/pk"); container = createContainerResponse.Container; permissionResponse = await user.CreatePermissionAsync(new PermissionProperties("BasicQueryPermission3", PermissionMode.All, container)); createdContainerIds.Add(createContainerResponse.Container.Id); createdPermissionIds.Add(permissionResponse.Permission.Id); //Read All List <PermissionProperties> results = await this.ToListAsync( user.GetPermissionQueryStreamIterator, user.GetPermissionQueryIterator <PermissionProperties>, null, CosmosBasicQueryTests.RequestOptions ); CollectionAssert.IsSubsetOf(createdPermissionIds, results.Select(x => x.Id).ToList()); //Basic query List <PermissionProperties> queryResults = await this.ToListAsync( user.GetPermissionQueryStreamIterator, user.GetPermissionQueryIterator <PermissionProperties>, "select * from T where STARTSWITH(T.id, \"BasicQueryPermission\")", CosmosBasicQueryTests.RequestOptions ); CollectionAssert.AreEquivalent(createdPermissionIds, queryResults.Select(x => x.Id).ToList()); } finally { foreach (string id in createdPermissionIds) { await user.GetPermission(id).DeleteAsync(); } foreach (string id in createdContainerIds) { await database.GetContainer(id).DeleteContainerAsync(); } await user?.DeleteAsync(); } }