Forum Discussion
Azure Log analytics AVD Insight workbook access
Hi,
Team we want to provide our helpdesk with access to AVD insight workbook. Currently our AVD are installed in different subcription and Log analytics in different subcription. We want to provide our helpdesk team access to only AVD insights. We have given them Desktop Virrualization reader role on resource group level and Log analytics reader role on resource group level.
As our log anlaytics is deployed on different subscription is it something not allowing us to access the insight. If we grant them log analytics reader role on log analytics they are able to access the workbook but also query other logs which we DO NOT want. Is there any way to grant them only access to AVD insights without granting them reader role on log analytics.
How about creating a custom role in Azure with limited permissions specifically for accessing the AVD Insights workbook. This way, you can grant your helpdesk team access to only the necessary resources without giving them broader Log Analytics permissions:
- Navigate to Azure Portal: Go to the Azure Portal and select Subscriptions.
- Select Your Subscription: Choose the subscription where your Log Analytics workspace is located.
- Access Role Definitions: Go to Access Control (IAM) > Role Definitions.
- Create Custom Role: Click on Add > Custom Role.
- Define Role Details: Provide a name and description for the custom role.
- Assign Permissions: Specify the exact permissions needed for accessing the AVD Insights workbook. You can use the Log Analytics Reader role as a template and remove any unnecessary permissions.
- Assign Role to Helpdesk: Once the custom role is created, assign it to your helpdesk team members at the Log Analytics workspace level.
