Redaguoti

Bendrinti naudojant


Manage Azure Data Explorer cluster permissions

Azure Data Explorer enables you to control access to resources in your cluster using a role-based access control model. Under this model, principals—users, groups, and apps—are mapped to security roles. Principals are granted access to cluster resources according to the roles they're assigned.

This article describes the available cluster level roles and how to assign principals to those roles using the Azure portal.

Note

  • To configure cluster level permissions with C#, Python, and ARM templates, see Add cluster principals.
  • To configure cluster level permissions with the Azure CLI, see az kusto.

Cluster level permissions

Role Permissions
AllDatabasesAdmin Full access in the scope of any database. May show and alter certain cluster-level policies. Includes all lower level All Databases permissions.
AllDatabasesViewer Read all data and metadata of any database.
AllDatabasesMonitor Execute .show commands in the context of any database and its child entities.

Manage cluster permissions in the Azure portal

  1. Sign in to the Azure portal.

  2. Go to your Azure Data Explorer cluster.

  3. In the left-hand menu, under Security + networking, select Permissions.

    Screenshot of the left settings menu containing the permissions tab.

  4. Select Add, and select the role you want to assign.

    Screenshot of the add widget for adding permissions.

  5. In the New principals window, search for and select one or more principals.

    Screenshot of new principals window for adding new permissions.

  6. Select Select to complete the assignment.