I was wondering what the best approach would be to implement RLS for this kind of data. I'm simply exploring options here, so if the answer is it's not possible, then that is that.

A little description of the data

  1. It doesn't have any column that represents an AD group; it only has a unique GUID identifier
  2. At any given time, new GUIDs can appear in the table

Now the issue is: user A, who is a part of some group B with GroupID, is querying the data. I want to apply RLS where group B is only allowed to see data for specific GUIDs (which, according to 2, can change). Is there any way of doing this? Like having an external table hold the Group-GUID pairs and using that for joining / filtering the query?

Or am I stuck because I would need to include the GroupID as a column in the query and since my data already doesn't include that column, then there is no way for me to add it post-ingestion?

  • To enforce row-level security (RLS) in Azure Data Explorer (ADX) using external metadata, consider adding a column for AD groups to your data or creating multiple tables with distinct GUIDs and assigning permissions accordingly. This approach enhances query performance and enables tailored data access based on user groups. See the Apply row-level security on SQL external tables documentation. Commented May 2, 2024 at 9:15
  • Maybe it is possible to put the GUID in a lookup table and query this lookup table in your Kusto RLS policy. I just posted an answer on how to integrate a lookup table into an RLS function here (stackoverflow.com/questions/78402329/…) Commented May 3, 2024 at 6:56
  • @Werner that's definitely an interesting approach! Would also allow me to keep the tables as is and simply add a meta table for this information, thanks! Gonna give this a try Commented May 6, 2024 at 14:37
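
A sketch of the lookup-table approach raised in the comments, added here as an example and not taken from the thread or the linked answer. The names `Events`, `EntityId`, `GroupGuidMap`, `GroupKey` and `EventsRls` are hypothetical, the GUID is assumed to be stored as a string, and the group object ID and tenant ID are placeholders:

```kusto
// Metadata table holding Group-GUID pairs (hypothetical name and schema).
// The existing data table, assumed to be Events with a string column EntityId,
// is left unchanged.
.create table GroupGuidMap (GroupKey: string, EntityId: string)

// Constructed sample rows. When a new GUID appears in Events, access is granted
// by ingesting another row here, not by altering the policy.
.ingest inline into table GroupGuidMap <|
groupB,00000000-0000-0000-0000-000000000001
groupB,00000000-0000-0000-0000-000000000002

.create-or-alter function with (docstring = "RLS filter for Events") EventsRls() {
    // current_principal_is_member_of() takes literal principal names,
    // so each group gets its own membership flag.
    let InGroupB = current_principal_is_member_of('aadgroup=<group-B-object-id>;<tenant-id>');
    // GUIDs the caller may see: only rows mapped to a group the caller belongs to.
    let AllowedIds = GroupGuidMap
        | where GroupKey == "groupB" and InGroupB
        | project EntityId;
    // Returns the same schema as Events; rows for unmapped GUIDs are dropped,
    // so a GUID with no mapping row is hidden by default.
    Events
    | where EntityId in (AllowedIds)
}

// Attach the function as the row-level security policy of the data table.
.alter table Events policy row_level_security enable "EventsRls()"
```

Whoever can ingest into or alter `GroupGuidMap` effectively controls who sees which rows, so write access to it should be limited to the principals who administer access.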
