Forum Discussion

PrashTechTalk
Brass Contributor
May 11, 2021

Azure Sentinel Automation (Preview) - Issue with Permission assignment

Hi @AzureSentinel Team,

I believe this is a bug unless there is any reason to do so.

At Azure Sentinel Automation (Preview), when I tried to assign permission for the logic app, I am getting the error below.

Please note: Although I am the owner of the subscription, I am not able to assign the permission, whereas only a global admin with subscription ownership can do this role assignment.

Saving automation rule 'TEST 1' failed. Error: Caller is missing required playbook triggering permissions on playbook resource '/subscriptions/xxx/resourceGroups/yyy/providers/Microsoft.Logic/workflows/logicapp1', or Azure Sentinel is missing required permissions to verify the caller has permissions

Thanks.

      • Javier-Soriano
        Microsoft
        Ok, that requires additional permissions. You need to grant Azure Sentinel Automation Contributor permissions to the Azure Security Insights app in the service provider tenant, to the RG where the playbooks are in the customer tenant. So basically you need to include this additional authorization in your Azure Lighthouse delegation.

        Regards
  • GaryBushey
    Bronze Contributor

    PrashTechTalk I think this is related to there being a requirement to allow Automation to kick off the playbook in the resource group that the playbook resides in. Go to the Azure Sentinel Settings menu option, then select Settings in the header, and expand Playbook permissions. Click on the "Configure permissions" button and assign the correct permissions to your resource group if it does not already have the permissions needed.

    • PrashTechTalk
      Brass Contributor
      My query is that, as an Owner of the subscription, one cannot assign these permissions; instead it expects an elevated role like Global admin, which is not correct.
      • denismello
        Microsoft
        Hi all.
        I'm facing the same issue here. The query is pretty simple and the automation is to run a Logic App to send emails with the incident's details.
        I guess this is a bug, as I'm the owner and can't assign permissions as instructed before by GaryBushey.
        Looking forward to getting more input.
