Manage Azure Data Explorer cluster permissions
Azure Data Explorer enables you to control access to resources in your cluster using a role-based access control model. Under this model, principals—users, groups, and apps—are mapped to security roles. Principals are granted access to cluster resources according to the roles they're assigned.
This article describes the available cluster level roles and how to assign principals to those roles using the Azure portal.
Note
- To configure cluster level permissions with C#, Python, and ARM templates, see Add cluster principals.
- To configure cluster level permissions with the Azure CLI, see az kusto.
Cluster level permissions
| Role | Permissions |
|---|---|
AllDatabasesAdmin |
Full access in the scope of any database. May show and alter certain cluster-level policies. Includes all lower level All Databases permissions. |
AllDatabasesViewer |
Read all data and metadata of any database. |
AllDatabasesMonitor |
Execute .show commands in the context of any database and its child entities. |
Manage cluster permissions in the Azure portal
Sign in to the Azure portal.
Go to your Azure Data Explorer cluster.
In the left-hand menu, under Security + networking, select Permissions.
Select Add, and select the role you want to assign.
In the New principals window, search for and select one or more principals.
Select Select to complete the assignment.
Related content
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for