Add database principals for Azure Data Explorer

Azure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. In this article, you'll learn how to add database principals for Azure Data Explorer by using C#, Python, or an Azure Resource Manager (ARM) template.

Prerequisites

The prerequisites vary based on the method used to add the principal. Choose the relevant tab for your preferred method.

The following list outlines the prerequisites to add a cluster principal with C#.

Add a database principal

Run the following code to add a database principal:

var tenantId = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx"; //Directory (tenant) ID
var clientId = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx"; //Application ID
var clientSecret = "PlaceholderClientSecret"; //Client Secret
var subscriptionId = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx";
var credentials = new ClientSecretCredential(tenantId, clientId, clientSecret);
var resourceManagementClient = new ArmClient(credentials, subscriptionId);
var resourceGroupName = "testrg";
//The cluster that is created as part of the Prerequisites
var clusterName = "mykustocluster";
var databaseName = "mykustodatabase";
var subscription = await resourceManagementClient.GetDefaultSubscriptionAsync();
var resourceGroup = (await subscription.GetResourceGroupAsync(resourceGroupName)).Value;
var cluster = (await resourceGroup.GetKustoClusterAsync(clusterName)).Value;
var database = (await cluster.GetKustoDatabaseAsync(databaseName)).Value;
var databasePrincipalAssignments = database.GetKustoDatabasePrincipalAssignments();
var databasePrincipalAssignmentName = "mykustodatabaseprincipalassignment";
var principalId = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx"; //User email, application ID, or security group name
var role = KustoDatabasePrincipalRole.Admin; //Admin, Ingestor, Monitor, User, UnrestrictedViewers, Viewer
var tenantIdForPrincipal = new Guid("xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx");
var principalType = KustoPrincipalAssignmentType.App; //User, App, or Group
var databasePrincipalAssignmentData = new KustoDatabasePrincipalAssignmentData
{
    DatabasePrincipalId = principalId, Role = role, PrincipalType = principalType, TenantId = tenantIdForPrincipal
};
await databasePrincipalAssignments.CreateOrUpdateAsync(
    WaitUntil.Completed, databasePrincipalAssignmentName, databasePrincipalAssignmentData
);
Setting Suggested value Field description
tenantId xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx Your tenant ID. Also known as directory ID.
subscriptionId xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx The subscription ID that you use for resource creation.
clientId xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx The client ID of the application that can access resources in your tenant.
clientSecret PlaceholderClientSecret The client secret of the application that can access resources in your tenant.
resourceGroupName testrg The name of the resource group containing your cluster.
clusterName mykustocluster The name of your cluster.
databaseName mykustodatabase The name of your database.
databasePrincipalAssignmentName mykustodatabaseprincipalassignment The name of your database principal resource.
principalId xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx The principal ID, which can be user email, application ID, or security group name.
role Admin The role of your database principal, which can be 'Admin', 'Ingestor', 'Monitor', 'User', 'UnrestrictedViewers', 'Viewer'.
tenantIdForPrincipal xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx The tenant ID of the principal.
principalType App The type of the principal, which can be 'User', 'App', or 'Group'