Redigera

Dela via


.alter-merge policy managed_identity command

Applies to: ✅ Azure Data Explorer

The command updates the ManagedIdentity policy of the cluster or the specified database, adding new managed identities or adding usages to existing managed identities.

Note

Managed identities should be assigned to a cluster before you can assign them to the ManagedIdentity policy. For more information, see Configure managed identities for your cluster

Permissions

You must have AllDatabasesAdmin permissions to run these commands.

Syntax

.alter-merge cluster policy managed_identity ArrayOfPolicyObjects

.alter-merge database DatabaseName policy managed_identity ArrayOfPolicyObjects

Learn more about syntax conventions.

Parameters

Name Type Required Description
DatabaseName string ✔️ The name of the database.
ArrayOPolicyObjects array ✔️ A serialized array with zero or more ManagedIdentity policy objects defined.

Note

  • Policy objects must define the ObjectId and AllowedUsages properties. Other properties are automatically populated.

  • For every item in ArrayOfManagedIdentityPolicyObjects:

    • If the ObjectId doesn't exist in the ManagedIdentity policy, the item will be added to the policy.
    • If the ObjectId already exists in the ManagedIdentity policy, the identity's AllowedUsages property will be added to the relevant item in the policy. For example, if the current policy has AllowedUsages="NativeIngestion" for a specific managed identity, then if ArrayOfManagedIdentityPolicyObjects has an item for this managed identity with AllowedUsages="ExternalTables", then the AllowedUsages for this managed identity in the Managed Identity policy will become "NativeIngestion, ExternalTables".

Getting the managed identity object ID

The object ID is available in the Azure portal on the managed identity's overview page.

Look for 'Object (principal) ID.

Returns

The command updates the ManagedIdentity policy of the cluster or the specified database. The change may add new managed identities or add usages to existing managed identities. Then, the command returns the output of the corresponding .show managed identity policy command.

If any of the specified managed identities isn't assigned to the cluster, an error is returned and the ManagedIdentity policy won't be modified.

Example

.alter-merge database db policy managed_identity ```
[
  {
    "ObjectId": "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb",
    "AllowedUsages": "NativeIngestion, ExternalTable"
  }
]
```