How do I grant an application Microsoft.Kusto/clusters/databases/dataConnections/read access over a specific database in Kusto?
I am trying to grant an application read access to the data connections of a specific database in Kusto. How do I grant this permission to this managed identity? There is not a place within the azure portal to grant this permission at the database level. I am trying to avoid granting this permission at the cluster level. This is the error I am receiving from my app.
The client 'id' with object id 'id' does not have authorization to perform action 'Microsoft.Kusto/clusters/databases/dataConnections/read' over scope '/subscriptions/subscription/resourceGroups/RG/providers/Microsoft.Kusto/clusters/cluster/databases/database-foo'
I tried going to the azure portal to grant my app this permission, but there is no IAM tab within the database. The cluster does have the IAM tab, but I am avoiding adding the permission there for security reasons.
No IAM place to add permissions of this type IAM available in cluster
You can grant Microsoft.Kusto/clusters/databases/dataConnections/read access under cluster IAM only, not under specific database in Kusto for resource administration like listing data connections.
When I tried to list these data connections by running below REST API call without assigning role, I too got same error as below:
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Kusto/clusters/{clusterName}/databases/{databaseName}/dataConnections?api-version=2023-08-15
Response:
To resolve the error, you need to assign proper RBAC role like Reader under database cluster as below:
When I tried to list these data connections by running below REST API call after assigning role, I got response successfully:
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Kusto/clusters/{clusterName}/databases/{databaseName}/dataConnections?api-version=2023-08-15
Response:
Reference: Role-based access control in Kusto - Azure Data Explorer | Microsoft
- Azure Service Plan - Convert Consumption App to Premium App
- No PK or FK when exporting SQL Server database
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- How to create a dataset for Azure custom speech using spx (speechCLI)
- Azure App Service Autoscale Fails to Scale In
- Azure Scale Out on Memory keeps flapping (not scaling in)
- Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
- A keyvault created with access policy using BICEP creates compound identity
- Azure Loadbalancer with public IP forward traffic to Container Apps
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- What means skipNegotiation in SignalR HubConnection?
- Azure ClientCertificateCredential - Using SNI
- Azure AI Search MultiIndex / Conditional Semantic search
- MSAL Node service & The Partner Center API
- Load Registered Component in Azure ML for Pipeline using Python sdk v2
- Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
- Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
- How to take max value and replace it in drived column in data factory
- Synapse/ ADF - How to Truncate table if dynamic config column is True in pre-copy script
- Azure Cost Management - track costs associated with Databricks job
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How to check Debug.Writeline() output in VS code?
- C# API - Provide download of files from Azure Blobstorage
- localhost:300/api is not working : "This page isn’t working"
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Failed to deploy path that does not exist
- Using Azure WAF for my server(not in Azure)
- How and where to define an environment variable on Azure
- Azure Data Factory - Unable to preview data
- Azure yaml trigger pipeline every 14 days on a Saturday