.alter policy managed_identity command
Applies to: ✅ Azure Data Explorer
Sets the ManagedIdentity policy of the cluster or the specified database, overriding the existing policy.
Note
Managed identities should be assigned to the cluster (see instructions) before you can assign them to the ManagedIdentity policy.
Permissions
The command to alter the policy requires AllDatabasesAdmin permissions.
Syntax
.alter
cluster
policy
managed_identity
ArrayOfPolicyObjects
.alter
database
DatabaseName policy
managed_identity
ArrayOfPolicyObjects
Learn more about syntax conventions.
Parameters
Name | Type | Required | Description |
---|---|---|---|
ArrayOfPolicyObjects | array | ✔️ | An array with zero or more ManagedIdentity policy objects. |
DatabaseName | string |
✔️ | The name of the database. |
Note
Policy objects must define the ObjectId and AllowedUsages properties. Other properties are automatically populated.
Getting the managed identity object ID
The object ID is available in the Azure portal on the managed identity's overview page.
Returns
The command sets the cluster's or database's ManagedIdentity policy object, overriding any current policy, and then returns the output of the corresponding .show managed identity policy command.
If any of the specified managed identities isn't assigned to the cluster, an error is returned and the ManagedIdentity policy won't be modified.
Example
.alter database db policy managed_identity ```
[
{
"ObjectId": "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb",
"AllowedUsages": "NativeIngestion, ExternalTable"
}
]```