.alter-merge policy managed_identity command

Applies to: ✅ Azure Data Explorer

The command updates the ManagedIdentity policy of the cluster or the specified database, adding new managed identities or adding usages to existing managed identities.

Note

Managed identities should be assigned to a cluster before you can assign them to the ManagedIdentity policy. For more information, see Configure managed identities for your cluster.

Permissions

You must have AllDatabasesAdmin permissions to run these commands.

Syntax

.alter-merge cluster policy managed_identity ArrayOfPolicyObjects

.alter-merge database DatabaseName policy managed_identity ArrayOfPolicyObjects

Learn more about syntax conventions.

Parameters

| Name | Type | Required | Description |
|--|--|--|--|
| DatabaseName | string | ✔️ | The name of the database. |
| ArrayOfPolicyObjects | array | ✔️ | A serialized array with zero or more ManagedIdentity policy objects defined, each defined with only the ObjectId and AllowedUsages properties. |

Note

  • Policy objects must define the ObjectId and AllowedUsages properties. Other properties are automatically populated.

  • For every item in ArrayOfPolicyObjects:

    • If the ObjectId doesn't exist in the ManagedIdentity policy, the item is added to the policy.
    • If the ObjectId already exists in the ManagedIdentity policy:
      • The identity's AllowedUsages property is added to the relevant item in the policy. For example, if the current policy has AllowedUsages="NativeIngestion" for a specific managed identity and ArrayOfPolicyObjects has an item for this managed identity with AllowedUsages="ExternalTable", the AllowedUsages for this managed identity in the ManagedIdentity policy becomes "NativeIngestion, ExternalTable".
      • The latest information about the managed identity, such as the DisplayName, is retrieved from Microsoft Entra and updated in the policy.

Getting the managed identity object ID

The object ID is available in the Azure portal on the managed identity's overview page.

Look for 'Object (principal) ID'.

Returns

The command updates the ManagedIdentity policy of the cluster or the specified database. The change may add new managed identities or add usages to existing managed identities. Then, the command returns the output of the corresponding .show managed identity policy command.

If any of the specified managed identities isn't assigned to the cluster, an error is returned and the ManagedIdentity policy won't be modified.
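The merge rules in the Note above and the all-or-nothing failure described here can be previewed locally before running the command, so that every usage a merge would newly grant is reviewed first. This is an added example, not Microsoft's code or the service's implementation; the function names, the second object ID, and the exact-string comparison of usage names are assumptions.

```python
# Local model of the merge rules described on this page (not the service's code).
# Assumption: AllowedUsages is a comma-separated string and usage names are
# compared as exact strings after trimming whitespace.

def split_usages(value):
    """Split "NativeIngestion, ExternalTable" into an ordered list of names."""
    return [u.strip() for u in value.split(",") if u.strip()]


def preview_alter_merge(current_policy, policy_objects, assigned_to_cluster):
    """Return (merged_policy, newly_granted) without touching current_policy.

    current_policy / policy_objects: lists of {"ObjectId", "AllowedUsages"}.
    assigned_to_cluster: set of object IDs assigned to the cluster.
    """
    # All-or-nothing: any unassigned identity rejects the whole command.
    missing = [o["ObjectId"] for o in policy_objects
               if o["ObjectId"] not in assigned_to_cluster]
    if missing:
        raise ValueError(f"not assigned to the cluster: {missing}")

    merged = {p["ObjectId"]: split_usages(p["AllowedUsages"]) for p in current_policy}
    newly_granted = {}
    for obj in policy_objects:
        usages = merged.setdefault(obj["ObjectId"], [])
        for usage in split_usages(obj["AllowedUsages"]):
            if usage not in usages:          # merge only ever adds usages
                usages.append(usage)
                newly_granted.setdefault(obj["ObjectId"], []).append(usage)

    merged_policy = [{"ObjectId": oid, "AllowedUsages": ", ".join(u)}
                     for oid, u in merged.items()]
    return merged_policy, newly_granted


# Constructed sample data: the second object ID is made up for this example.
ID_A = "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb"
ID_B = "cccccccc-0000-1111-2222-dddddddddddd"
CURRENT = [{"ObjectId": ID_A, "AllowedUsages": "NativeIngestion"}]
REQUEST = [
    {"ObjectId": ID_A, "AllowedUsages": "NativeIngestion, ExternalTable"},
    {"ObjectId": ID_B, "AllowedUsages": "ExternalTable"},
]

if __name__ == "__main__":
    policy, granted = preview_alter_merge(CURRENT, REQUEST, {ID_A, ID_B})
    print(policy)
    print("newly granted:", granted)
```

Because a merge never removes a usage, the `newly_granted` map is the complete set of privilege changes the command would make.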

Example

.alter-merge database db policy managed_identity ```
[
  {
    "ObjectId": "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb",
    "AllowedUsages": "NativeIngestion, ExternalTable"
  }
]
```