.alter policy managed_identity command

Applies to: ✅ Azure Data Explorer

Sets the ManagedIdentity policy of the cluster or the specified database, overriding the existing policy.

Note

Managed identities should be assigned to the cluster (see instructions) before you can assign them to the ManagedIdentity policy.

Permissions

The command to alter the policy requires AllDatabasesAdmin permissions.

Syntax

.alter cluster policy managed_identity ArrayOfPolicyObjects

.alter database DatabaseName policy managed_identity ArrayOfPolicyObjects

Learn more about syntax conventions.

Parameters

Name Type Required Description
ArrayOfPolicyObjects array ✔️ An array with zero or more ManagedIdentity policy objects.
DatabaseName string ✔️ The name of the database.

Note

Policy objects must define the ObjectId and AllowedUsages properties. Other properties are automatically populated.

Getting the managed identity object ID

The object ID is available in the Azure portal on the managed identity's overview page.

Look for 'Object (principal) ID.

Returns

The command sets the cluster's or database's ManagedIdentity policy object, overriding any current policy, and then returns the output of the corresponding .show managed identity policy command.

If any of the specified managed identities isn't assigned to the cluster, an error is returned and the ManagedIdentity policy won't be modified.

Example

.alter database db policy managed_identity ```
[
  {
    "ObjectId": "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb",
    "AllowedUsages": "NativeIngestion, ExternalTable"
  }
]```