1

I have an Azure Data Explorer/Kusto function that I would like to give access to, but I don't necessarily want to give access to the full tables or databases the function utilizes. I've seen this Role-Based Auth article and see Function Admin, but it looks like that would also require Database Viewer to achieve what I want.

Is there a Function Viewer role that I can use? If not, is there some way to achieve this through other permission settings?

Have tried finding a Function Viewer role, but have not found one.

Daniel Mann
  • 57,011
  • 13
  • 100
  • 120
Jacob S
  • 11
  • 2
  • 1
    there is no such role at the moment. limiting access to specific tables/records could be achieved using a *restricted view access policy* [https://learn.microsoft.com/en-us/azure/data-explorer/kusto/management/restrictedviewaccesspolicy] or a *row level security policy* [https://learn.microsoft.com/en-us/azure/data-explorer/kusto/management/rowlevelsecuritypolicy] – Yoni L. Jan 27 '23 at 17:07
  • @YoniL. thanks for the reply, the links are giving 404 in that format, can you share as markdown? – Jacob S Jan 28 '23 at 00:46
  • `https://learn.microsoft.com/en-us/azure/data-explorer/kusto/management/rowlevelsecuritypolicy` and `https://learn.microsoft.com/en-us/azure/data-explorer/kusto/management/restrictedviewaccesspolicy` – Yoni L. Jan 28 '23 at 04:12
  • [Row Level Security](https://learn.microsoft.com/en-us/azure/data-explorer/kusto/management/rowlevelsecuritypolicy) [Restricted view access policy](https://learn.microsoft.com/en-us/azure/data-explorer/kusto/management/restrictedviewaccesspolicy) – David דודו Markovitz Jan 28 '23 at 08:53
  • Here's how you can do it: Create a custom role definition that includes the minimum required permissions for the function to run, but without giving access to the full tables or databases. Assign the custom role definition to the relevant users or security groups. Grant the "Function Admin" role to the function in question. – Sourav Feb 03 '23 at 11:05

0 Answers0