Add database principals for Azure Data Explorer by using Python
Azure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. In this article, you add database principals for Azure Data Explorer by using Python.
Prerequisites
- An Azure subscription. Create a free Azure account.
- Create a cluster and database.
Install Python package
To install the Python package for Azure Data Explorer (Kusto), open a command prompt that has Python in its path. Run this command:
```
pip install azure-common
pip install azure-mgmt-kusto
```
Authentication
To run the following example, you need an Azure Active Directory (Azure AD) application and service principal that can access resources. To create a free Azure AD application and add role assignment at the subscription level, see Create an Azure AD application. You also need the directory (tenant) ID, application ID, and client secret.
Add a database principal
The following example shows you how to add a database principal programmatically.
```python
from azure.mgmt.kusto import KustoManagementClient
from azure.mgmt.kusto.models import DatabasePrincipalAssignment
from azure.common.credentials import ServicePrincipalCredentials

# Directory (tenant) ID
tenant_id = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx"
# Application ID
client_id = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx"
# Client secret
client_secret = "xxxxxxxxxxxxxx"
subscription_id = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx"
credentials = ServicePrincipalCredentials(
    client_id=client_id,
    secret=client_secret,
    tenant=tenant_id
)
kusto_management_client = KustoManagementClient(credentials, subscription_id)

resource_group_name = "testrg"
# The cluster and database that are created as part of the Prerequisites
cluster_name = "mykustocluster"
database_name = "mykustodatabase"
principal_assignment_name = "databasePrincipalAssignment1"
# User email, application ID, or security group name
principal_id = "xxxxxxxx"
# Admin, Ingestor, Monitor, User, UnrestrictedViewers, or Viewer
role = "Admin"
# Tenant ID of the principal; here the same tenant as the calling application
tenant_id_for_principal = tenant_id
# User, App, or Group
principal_type = "App"

# Returns an instance of LROPoller, check https://docs.microsoft.com/python/api/msrest/msrest.polling.lropoller?view=azure-python
poller = kusto_management_client.database_principal_assignments.create_or_update(
    resource_group_name=resource_group_name,
    cluster_name=cluster_name,
    database_name=database_name,
    principal_assignment_name=principal_assignment_name,
    parameters=DatabasePrincipalAssignment(
        principal_id=principal_id,
        role=role,
        tenant_id=tenant_id_for_principal,
        principal_type=principal_type
    )
)
```
| Setting | Suggested value | Field description |
|---|---|---|
| tenant_id | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | Your tenant ID. Also known as directory ID. |
| subscription_id | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | The subscription ID that you use for resource creation. |
| client_id | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | The client ID of the application that can access resources in your tenant. |
| client_secret | xxxxxxxxxxxxxx | The client secret of the application that can access resources in your tenant. |
| resource_group_name | testrg | The name of the resource group containing your cluster. |
| cluster_name | mykustocluster | The name of your cluster. |
| database_name | mykustodatabase | The name of your database. |
| principal_assignment_name | databasePrincipalAssignment1 | The name of your database principal resource. |
| principal_id | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | The principal ID, which can be user email, application ID, or security group name. |
| role | Admin | The role of your database principal, which can be 'Admin', 'Ingestor', 'Monitor', 'User', 'UnrestrictedViewers', 'Viewer'. |
| tenant_id_for_principal | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | The tenant ID of the principal. |
| principal_type | App | The type of the principal, which can be 'User', 'App', or 'Group' |
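
A pre-flight check for the settings in the table above, written as an added example that is not part of the original article or the Azure SDK. It rejects cluster-level roles and unknown values before anything is sent to `create_or_update`, and makes an `Admin` grant an explicit opt-in. The names `validate_assignment`, `build_parameters` and `allow_admin` are hypothetical, and the GUID and email format checks are assumptions.

```python
import re

# Database-level roles and principal types listed in the settings table above.
DATABASE_ROLES = {"Admin", "Ingestor", "Monitor", "User", "UnrestrictedViewers", "Viewer"}
PRINCIPAL_TYPES = {"User", "App", "Group"}
# Cluster-level roles; they do not belong in a database principal assignment.
CLUSTER_ROLES = {"AllDatabasesAdmin", "AllDatabasesMonitor", "AllDatabasesViewer"}
# Assumption: application IDs and tenant IDs are supplied in GUID form.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def validate_assignment(principal_id, role, tenant_id, principal_type, allow_admin=False):
    """Return a list of problems found; an empty list means the settings pass."""
    problems = []
    if role in CLUSTER_ROLES:
        problems.append(f"{role} is a cluster role, not a database role")
    elif role not in DATABASE_ROLES:
        problems.append(f"unknown database role: {role!r}")
    elif role == "Admin" and not allow_admin:
        problems.append("Admin requested without allow_admin=True")
    if principal_type not in PRINCIPAL_TYPES:
        problems.append(f"unknown principal type: {principal_type!r}")
    elif principal_type == "App" and not GUID_RE.match(principal_id):
        problems.append("App principal_id must be an application ID (GUID)")
    elif principal_type == "User" and "@" not in principal_id:
        problems.append("User principal_id must be a user email")
    elif not principal_id.strip():
        problems.append("principal_id is empty")
    if not GUID_RE.match(tenant_id):
        problems.append("tenant_id is not a GUID")
    return problems


def build_parameters(principal_id, role, tenant_id, principal_type, allow_admin=False):
    """Validate, then return keyword arguments for DatabasePrincipalAssignment."""
    problems = validate_assignment(principal_id, role, tenant_id, principal_type, allow_admin)
    if problems:
        raise ValueError("; ".join(problems))
    return {"principal_id": principal_id, "role": role,
            "tenant_id": tenant_id, "principal_type": principal_type}


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    app = "11111111-2222-3333-4444-555555555555"
    tenant = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    print(build_parameters(app, "Viewer", tenant, "App"))
    print(validate_assignment(app, "AllDatabasesAdmin", tenant, "App"))
```

The returned dictionary can be unpacked into the model, as in `DatabasePrincipalAssignment(**build_parameters(...))`.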