current_principal_is_member_of()
Applies to: ✅ Microsoft Fabric ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
Checks group membership or principal identity of the current principal running the query.
Syntax
current_principal_is_member_of(group)
Learn more about syntax conventions.
Parameters
Name | Type | Required | Description |
---|---|---|---|
group | dynamic | ✔️ | An array of string literals in which each literal represents a Microsoft Entra principal. See examples for Microsoft Entra principals. |
Note
- To avoid throttling from Microsoft Entra ID, the current_principal_is_member_of() function only works with string literals. Using values that aren't string literals will result in an error in order to avoid a potentially large number of queries to Microsoft Entra ID.
- Checking group memberships can be resource-intensive. Since group memberships don’t change frequently, the membership check results are cached. The caching duration varies and determines how quickly changes to group memberships are updated. Adding a user to a group can take up to 30 minutes to propagate. Removing a user from a group can take up to three hours.
- For more information on Group Membership cache behavior, see Access control overview.
Returns
The function returns true if the current principal running the query is successfully matched for at least one input argument. If not, the function returns false.
Examples
print result=current_principal_is_member_of(
'aaduser=user1@fabrikam.com',
'aadgroup=group1@fabrikam.com',
'aadapp=66ad1332-3a94-4a69-9fa2-17732f093664;72f988bf-86f1-41af-91ab-2d7cd011db47'
)
Output
result |
---|
false |
Using dynamic array instead of multiple arguments:
print result=current_principal_is_member_of(
dynamic([
'aaduser=user1@fabrikam.com',
'aadgroup=group1@fabrikam.com',
'aadapp=66ad1332-3a94-4a69-9fa2-17732f093664;72f988bf-86f1-41af-91ab-2d7cd011db47'
]))
Output
result |
---|
false |
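Masking a sensitive column based on the membership check, as an added example that is not part of the original documentation. The group address `secops@fabrikam.com`, the `SignIns` rows, and the column names are constructed for illustration.

```kusto
// Added example: group address, rows and column names are constructed.
// The check is written with a string literal, as the function requires.
// Building the principal from data, for example
//   current_principal_is_member_of(strcat('aaduser=', UserName))
// is rejected with an error (see the note on string literals above).
let CanSeeSourceIp = current_principal_is_member_of('aadgroup=secops@fabrikam.com');
// Constructed sample rows standing in for a real sign-in table.
let SignIns = datatable(Timestamp: datetime, UserName: string, SourceIp: string)
[
    datetime(2024-01-10 08:15:00), "user1@fabrikam.com", "203.0.113.10",
    datetime(2024-01-10 08:17:30), "user2@fabrikam.com", "198.51.100.24",
    datetime(2024-01-10 09:02:11), "user1@fabrikam.com", "203.0.113.10"
];
SignIns
// Group members see the real value; every other caller gets a masked column.
// The result reflects cached membership, so a user removed from the group
// can keep seeing unmasked values until the cache refreshes
// (removal can take up to three hours to propagate).
| extend SourceIp = iff(CanSeeSourceIp, SourceIp, "***")
| summarize SignInCount = count() by UserName, SourceIp
```

Because the check is evaluated once per query for the calling principal, the same rows yield different output for different callers.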