Manage Azure Data Explorer cluster permissions

Azure Data Explorer uses role-based access control (RBAC) to manage who can access cluster resources. This security model maps principals—such as users, groups, and applications—to specific security roles that determine their level of access.

Use cluster-level permissions to control access across all databases in your cluster. You can assign three types of cluster roles: AllDatabasesAdmin for full administrative access, AllDatabasesViewer for read-only access to all data and metadata, and AllDatabasesMonitor for monitoring capabilities.

This article shows you how to assign cluster-level permissions to principals using the Azure portal.

Note

  • To configure cluster-level permissions with C#, Python, and ARM templates, see Add cluster principals.
  • To configure cluster-level permissions with the Azure CLI, see az kusto.

Cluster-level permissions

| Role | Permissions |
|---|---|
| AllDatabasesAdmin | Full access in the scope of any database. Might show and alter certain cluster-level policies. Includes all lower-level All Databases permissions. |
| AllDatabasesViewer | Read all data and metadata of any database. |
| AllDatabasesMonitor | Execute .show commands in the context of any database and its child entities. |

Manage cluster permissions in the Azure portal

  1. Sign in to the Azure portal.

  2. Go to your Azure Data Explorer cluster.

  3. In the left-hand menu, under Security + networking, select Permissions.

    Screenshot of the left settings menu containing the permissions tab.

  4. Select Add, and select the role you want to assign.

    Screenshot of the Add widget for adding permissions.

  5. In the New principals window, search for and select one or more principals.

    Screenshot of new principals window for adding new permissions.

  6. Select Select to complete the assignment.
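
After assignments are in place, they can be reviewed against the role table above. The following is an added example, not part of the original article or any Microsoft code: it checks an exported list of cluster principal assignments, assumed to be flat records with principalId, principalType and role fields. The sample records are constructed, and the rule that AllDatabasesAdmin should be held by groups is an assumed review policy.

```python
import json
from collections import defaultdict

# Constructed sample of exported cluster principal assignments.
# Field names are assumed (principalId, principalType, role); IDs are made up.
SAMPLE = json.loads("""[
  {"principalId": "11111111-1111-1111-1111-111111111111", "principalType": "Group", "role": "AllDatabasesAdmin"},
  {"principalId": "22222222-2222-2222-2222-222222222222", "principalType": "User",  "role": "AllDatabasesAdmin"},
  {"principalId": "22222222-2222-2222-2222-222222222222", "principalType": "User",  "role": "AllDatabasesViewer"},
  {"principalId": "33333333-3333-3333-3333-333333333333", "principalType": "App",   "role": "AllDatabasesMonitor"},
  {"principalId": "44444444-4444-4444-4444-444444444444", "principalType": "App",   "role": "SomeOtherRole"}
]""")

ADMIN = "AllDatabasesAdmin"
# The three cluster roles listed in the role table.
KNOWN_ROLES = {ADMIN, "AllDatabasesViewer", "AllDatabasesMonitor"}


def review(assignments):
    """Return sorted (principalId, finding) tuples for a reviewer to look at."""
    roles = defaultdict(set)   # principalId -> cluster roles held
    kinds = {}                 # principalId -> principalType
    findings = set()
    for a in assignments:
        pid, role = a["principalId"], a["role"]
        kinds[pid] = a.get("principalType", "unknown")
        if role not in KNOWN_ROLES:
            findings.add((pid, f"unrecognized role: {role}"))
            continue
        roles[pid].add(role)
    for pid, held in roles.items():
        if ADMIN not in held:
            continue
        # AllDatabasesAdmin includes the lower-level roles, so extra grants are
        # redundant and would survive a later removal of the admin assignment.
        for extra in sorted(held - {ADMIN}):
            findings.add((pid, f"redundant with {ADMIN}: {extra}"))
        # Assumed review policy (not from the article): admin goes to groups.
        if kinds[pid] != "Group":
            findings.add((pid, f"{ADMIN} held directly by {kinds[pid]}"))
    return sorted(findings)


if __name__ == "__main__":
    for pid, finding in review(SAMPLE):
        print(pid, finding)
```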