github · ashleyvansp · Feb 26, 2026 · Feb 25, 2026 · Feb 26, 2026 · Feb 26, 2026
diff --git a/KustoSchemaTools/Model/Policy.cs b/KustoSchemaTools/Model/Policy.cs
@@ -10,6 +10,7 @@ public class Policy
         public string? HotCache { get; set; }
         public PartitioningPolicy? Partitioning { get; set; }
         public string? RowLevelSecurity { get; set; }
+        public bool AllowMaterializedViewsWithoutRowLevelSecurity { get; set; } = false;
 
 
         public List<DatabaseScriptContainer> CreateScripts(string name, string entity)
@@ -26,7 +27,10 @@ public List<DatabaseScriptContainer> CreateScripts(string name, string entity)
 
             if (!string.IsNullOrEmpty(RowLevelSecurity))
             {
-                scripts.Add(new DatabaseScriptContainer("RowLevelSecurity", 57, $".alter {entity} {name} policy row_level_security enable ```{RowLevelSecurity}```"));
+                var rlsWithClause = AllowMaterializedViewsWithoutRowLevelSecurity
+                    ? " with (allowMaterializedViewsWithoutRowLevelSecurity=true)"
+                    : "";
+                scripts.Add(new DatabaseScriptContainer("RowLevelSecurity", 57, $".alter {entity} {name} policy row_level_security enable{rlsWithClause} ```{RowLevelSecurity}```"));
             }
             else
             {

diff --git a/KustoSchemaTools/Model/Table.cs b/KustoSchemaTools/Model/Table.cs
@@ -22,6 +22,8 @@ public class Table : IKustoBaseEntity
         public string? RowLevelSecurity { get; set; }
         [Obsolete("Use policies instead")]
         public bool RestrictedViewAccess { get; set; } = false;
+        [Obsolete("Use policies instead")]
+        public bool AllowMaterializedViewsWithoutRowLevelSecurity { get; set; } = false;
 
         public List<DatabaseScriptContainer> CreateScripts(string name, bool isNew)
         {

diff --git a/KustoSchemaTools/Parser/DatabaseCleanup.cs b/KustoSchemaTools/Parser/DatabaseCleanup.cs
@@ -72,6 +72,11 @@ public void CleanUp(Database database)
                     policy.RowLevelSecurity = entity.Value.RowLevelSecurity;
                 }
 
+                if (entity.Value.AllowMaterializedViewsWithoutRowLevelSecurity)
+                {
+                    policy.AllowMaterializedViewsWithoutRowLevelSecurity = true;
+                }
+
                 policy.RestrictedViewAccess |= entity.Value.RestrictedViewAccess;
 
                 if (policy.Retention == database.DefaultRetentionAndCache.Retention)

diff --git a/KustoSchemaTools/Parser/KustoLoader/KustoTableBulkLoader.cs b/KustoSchemaTools/Parser/KustoLoader/KustoTableBulkLoader.cs
@@ -7,7 +7,7 @@ public class KustoTableBulkLoader : KustoBulkEntityLoader<Table>
         const string LoadTables = ".show tables details| project TableName, DocString, Folder, RetentionAndCachePolicy=bag_pack(\"Retention\",strcat(toint(totimespan(parse_json(RetentionPolicy).SoftDeletePeriod)/1d),\"d\") , \"HotCache\",strcat(toint(totimespan(parse_json(CachingPolicy).DataHotSpan)/1d),\"d\")) | project EntityName = TableName, Body = bag_pack_columns(DocString, Folder, RetentionAndCachePolicy)";
         const string LoadUpdatePolicies = ".show database schema as csl script | parse-where DatabaseSchemaScript with '.alter table ' TableName:string ' policy update \\\"' Policy:string  '\\\"' | project TableName, UpdatePolicies = parse_json(replace_string(replace_string(Policy, '\\\\\\\"','\\\"'), '\\\\\\'','\\\'')) | project EntityName = TableName , Body = bag_pack_columns(UpdatePolicies)";
         const string LoadRestrictedViewAccess = ".show database schema as csl script | parse-where DatabaseSchemaScript with \".alter tables (\" TableName:string \") policy restricted_view_access True\" | project EntityName = TableName, Body = bag_pack(\"RestrictedViewAccess\", true)";
-        const string LoadRowLevelSecurity = ".show database schema as csl script | parse-where DatabaseSchemaScript with \".alter table \" TableName:string \" policy row_level_security enable \" Policy:string | project TableName, RowLevelSecurity = trim(\"( |\\\\\\\")*\",Policy) | project EntityName = TableName, Body=bag_pack_columns(RowLevelSecurity)";
+        const string LoadRowLevelSecurity = ".show database schema as csl script | extend HasAllowMV = DatabaseSchemaScript has 'allowMaterializedViewsWithoutRowLevelSecurity' | extend CleanScript = replace_string(DatabaseSchemaScript, ' with (allowMaterializedViewsWithoutRowLevelSecurity=true)', '') | parse-where CleanScript with \".alter table \" TableName:string \" policy row_level_security enable \" Policy:string | project TableName, RowLevelSecurity = trim(\"( |\\\\\\\")*\",Policy), AllowMaterializedViewsWithoutRowLevelSecurity = HasAllowMV | project EntityName = TableName, Body=bag_pack_columns(RowLevelSecurity, AllowMaterializedViewsWithoutRowLevelSecurity)";
         const string LoadTableColumns = ".show database schema as csl | project TableName, Schema | extend Columns = split(Schema,\",\") | mv-apply Columns to typeof(string) on ( project ColSplit =split(Columns,\":\") | project Prop=pack(tostring(ColSplit[0]), tostring(ColSplit[1])) | summarize Columns =make_bag(Prop)) | project EntityName = TableName, Body=bag_pack_columns(Columns)";
 
         public KustoTableBulkLoader() : base(d => d.Tables) { }