When was ADX permission created

Question

I have added a role-based permission to my ADX database using Add-AzKustoDatabasePrincipal.

Add-AzKustoDatabasePrincipal `
    -ClusterName MyCluster `
    -DatabaseName MyDatabase `
    -ResourceGroupName MyResourceGroup `
    -Value (@{
        Name="Serious Q. Programmer";
        Role="Admin";
        Type="User";
        Email="serious.q@programmer.biz"
    })

For audit scrutiny, I would like to prove when and by whom the role was last configured.

.show database MyDatabase permissions lists information about the role, but sadly no metadata around creation. Likewise, the "MyDatabase > Permissions" web UI has role info but no timestamps.

The cluster-level "Activity log" web UI shows an "Add database principals action" event...

...but strangely, the AzureActivity OMS table does not contain a log record for the principal creation (despite containing records for all other events I see in the Activity Log UI at this time).

AzureActivity
| distinct OperationNameValue

Where does the log record for principal creation live and how do I query it?

Yoni L. · Accepted Answer · 2023-07-06T17:32:13.060

1

I don't know about OMS or AzureActivity, but if it happened during the last 365d, you should be able to see it in the cluster/database journal.

you can, for example, include the following filters ... | where Event has_any('ADD-DATABASE','DROP-DATABASE') and Event has_any('ADMINS','VIEWERS','USERS')

edited Jul 06 '23 at 17:32

answered Jul 06 '23 at 17:23

Yoni L.

22,627
2
29
48

When was ADX permission created

1 Answers1