I am trying to set up a continuous data export from Azure Data Explorer to SQLDB. I have created an external table, and my managed identity can insert data into the table. The documentation says I need to add the "AutomatedFlow" value to the Managed Identity Policy.
I use the following code, snipped from the documentation (of course with the correct identity and db):
.alter database db policy managed_identity ```
[
  {
    "ObjectId": "d99c9846-1615-a2f9-a96f-78e136ba93eb",
    "AllowedUsages": "NativeIngestion, ExternalTable"
  }
]```
This code runs. I add "AutomatedFlow" to the list and it fails. I tried adding "All" instead, as this allegedly enables all rights. This code runs, but I get a "the managed identity used for automated flow, is not authorized to access the databases under the given query. Please assign the correct roles and try again." error. Does anyone know if I am doing something wrong, or if this is a known bug?
Looks like the cluster system managed identity doesn't automatically have rights to access the data. So assigning the Viewer role to the cluster identity for the relevant database (or AllDatabaseViewer on the cluster) solves this particular problem. This should also work for user managed identities.
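The two settings discussed in this thread, put together as an added example (not code from either post): the policy lists only the usages the export needs instead of "All", and the identity gets the database-scoped Viewer role rather than a cluster-wide one. `<object-id>` and `<tenant-id>` are placeholders, `db` is the database name used in the question, and the usage name is written `AutomatedFlows` (plural) as the Kusto documentation spells it.

```kusto
// Added example with placeholder values; run each management command separately.

// 1. Allow the managed identity to be used for automated flows
//    (continuous export), alongside the usages it already had.
//    .alter replaces the whole policy, so every usage still needed is listed.
.alter database db policy managed_identity @'[{"ObjectId": "<object-id>", "AllowedUsages": "NativeIngestion, ExternalTable, AutomatedFlows"}]'

// 2. Grant the same identity read access to the database that the
//    export query reads from. Managed identities use the aadapp= form.
.add database db viewers ('aadapp=<object-id>;<tenant-id>') 'Identity used for continuous export'

// 3. Confirm what is now in effect.
.show database db policy managed_identity

.show database db principals
```

The policy controls what the identity may be used for, and the role controls what data it may read; the error in the question is about the second, so both have to be in place.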