Skip to content

Repo sync for protected branch #2867

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
learn-build-service-prod merged 6 commits into from
Mar 25, 2026
Merged

Repo sync for protected branch #2867

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
fb8b394
Update materialized view policies documentation
a-bolanos Mar 25, 2026
e5bf185
Fix row level security policy description in documentation
a-bolanos Mar 25, 2026
f931c68
Update row level security policy details for materialized views
a-bolanos Mar 25, 2026
2f50653
Merge pull request #7424 from a-bolanos/patch-23
prmerger-automator[bot] Mar 25, 2026
e2d3ff1
Merge pull request #7425 from MicrosoftDocs/main
learn-build-service-prod[bot] Mar 25, 2026
b8d0b08
Merging changes synced from https://github.com/MicrosoftDocs/dataexpl…
Mar 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions data-explorer/kusto/management/materialized-views/materialized-view-policies.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,9 @@ A [row level security](../row-level-security-policy.md) can be applied on a mate
* The policy is applied to the [materialized part](materialized-view-overview.md#how-materialized-views-work) of the view only.
* If the same row level security policy isn't defined on the source table of the materialized view, then querying the materialized view may return records that should be hidden by the policy. This happens because [querying the materialized view](materialized-view-overview.md#materialized-views-queries) queries the source table as well.
* We recommend defining the same row level security policy both on the source table and the materialized view if the view is an [arg_max()](../../query/arg-max-aggregation-function.md) or [arg_min()](../../query/arg-min-aggregation-function.md)/[take_any()](../../query/take-any-aggregation-function.md).
* If the source table has a row level security policy and a user isn't included in it, querying the materialized view fails. This happens even if the user is included in the materialized view's own row level security policy. The failure occurs because the [delta part](materialized-view-overview.md#how-materialized-views-work) of the query accesses the source table directly, where the source table's row level security policy is enforced. To resolve this issue, use one of the following options:
* Add the user to the source table's row level security policy.
* Use the [materialized_view()](../../query/materialized-view-function.md) function to query only the materialized part of the view. This function doesn't require access to the source table.
* When defining a row level security policy on the source table of an [arg_max()](../../query/arg-max-aggregation-function.md) or [arg_min()](../../query/arg-min-aggregation-function.md)/[take_any()](../../query/take-any-aggregation-function.md) materialized view, the command fails if there's no row level security policy defined on the materialized view itself. The purpose of the failure is to alert the user of a potential data leak, since the materialized view may expose information. To mitigate this error, do one of the following actions:
* Define the row level security policy over the materialized view.
* Choose to ignore the error by adding `allowMaterializedViewsWithoutRowLevelSecurity` property to the alter policy command. For example:
Expand Down