Manage Azure Data Explorer database permissions in the Azure portal

Azure Data Explorer allows you to control access to databases and tables using a role-based access control model. Under this model, principals (users, groups, and apps) are mapped to roles. Principals can access resources according to the roles they're assigned. For a list of available roles, see role-based access control.

This article describes the available roles and how to assign principals to those roles using the Azure portal. For information on how to set database permissions with management commands, see Manage database security roles.

Note

To delete a database, you need at least Contributor Azure Resource Manager (ARM) permissions on the cluster. To assign ARM permissions, see Assign Azure roles using the Azure portal.

Add database principals

  1. Sign in to the Azure portal.

  2. Go to your Azure Data Explorer cluster.

  3. In the Overview section, select the database where you want to manage permissions. For roles that apply to all databases, skip this phase and go directly to the next step.

    Select database.

  4. Select Permissions then Add.

    Database permissions.

  5. Look up the principal, select it, then Select.

    Screenshot of the Azure portal New Principals page. A principal name and image are selected and highlighted. The Select button is also highlighted.

Remove database principals

  1. Sign in to the Azure portal.

  2. Go to your Azure Data Explorer cluster.

  3. In the Overview section, select the database where you want to manage permissions. For roles that apply to all databases, go directly to the next step.

    Screenshot of select database.

  4. Select Permissions, and then select the principal to remove.

  5. Select Remove.