I am running into the same issue. I do not see the role to assign it from the portal. Added a custom role with an action defined to allow the container creation via Java code.
It just blows up with the following exception but there is no clue what is required to get it corrected.
The given request [POST /dbs/<DB_NAME>/colls] cannot be authorized by AAD token in data plane.
Status Code: Forbidden
Tried adding Cosmos DB Operator, but it did not work either. Any idea?