Adding AAD external user to ADX database

Elisa Piccin 0 Reputation points
2023-08-28T18:34:40.25+00:00

I'm trying to give an AAD guest user permissions to access a database within an ADX free cluster

This query executes correctly, but he is not able to access the DB

.add database ['Test-db'] users ('aaduser=name.surname@acme.com') 'PoC user (AAD)';

I've tried also with the tenant id

.add database ['Test-db'] users ('aaduser=name.surname@acme.com';87101f8d-xxxx-xxxx-xxxx-xxxxxxxx') 'PoC user (AAD)';

and received this error:User's image

Can anyone help me in solving the issue?

Thanks,

Elisa

Azure Data Explorer
Azure Data Explorer
An Azure data analytics service for real-time analysis on large volumes of data streaming from sources including applications, websites, and internet of things devices.
526 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,777 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Sander van de Velde | MVP 32,721 Reputation points MVP
    2023-08-28T19:22:41.4733333+00:00

    Hello @Elisa Piccin ,

    have you tried to add the user by hand in the Azure Portal?

    Go to the Permissions pane of your database:

    User's image

    That user must be available in your AAD to be found.


    If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.


  2. Elisa Piccin 0 Reputation points
    2023-08-30T07:29:37.21+00:00

    @Sander van de Velde I was able to do it using the user AAD id, something like:

    .add database ['database-name'] users ('aaduser=b40a91df-xxx-xxx-xxxx-xxxxxxxx;companyname.onmicrosoft.com') 'PoC user (AAD)'
    
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.