Azure Data Explorer , Table access policies

Question

Hi,

1) I have a database in adx which has multiple tables.

I need to give access to only a FEW TABLES to the network team (part of the azure AD) and they should not be able to view or query the other tables in the database in ADX. How do I achieve it?

Can restrictedviewpolicy be utilised to achieve it ?

2) Another question is , how do I manage read rights as per the log-sources in Sentinel.

Thanks.

Answer 1

Hello @Soumya Banerjee ,

Thanks for the question and using MS Q&A platform.

Yes, you can use Restricted view access policy to achieve it.

Note: Permissions in ADX/Kusto are given on a database level. Your options are:

• Use Row Level Security policy - Use group membership or execution context to control access to rows in a database table.
• Use Restricted Access policy - RestrictedViewAccess is an optional policy that can be enabled for tables of a database.
• Create a follower database that follows only the tables you want to share, and give them access to the follower database

how do I manage read rights as per the log-sources in Sentinel.

We recommend that you group the resources you are granting access for under a specific resource group created for the purpose.

If you can't, make sure that your team has log reader permissions directly to the resources you want them to access.

For more details, refer to Controlling access to Azure Sentinel Data: Resource RBAC and Manage access to Microsoft Sentinel data by resource

Hope this will help. Please let us know if any further queries.

------------------------------

• Please don't forget to click on or upvote button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
• Want a reminder to come back and check responses? Here is how to subscribe to a notification
• If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators