Custom Permissions for Azure Sentinel

Question

Hi,&nbsp;I want to give specific permissions to someone on Sentinel like below:- full access to Threat Management(Incidents, Workbooks, Hunting, Notebooks) and Logs section- read only access to all other sections.&nbsp;is this possible? I couldn't see some of these settings on https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftoperationalinsights&nbsp;I especially want to limit analytic rule creation and playbook creation.&nbsp;&nbsp;

chi_nguyen · Answer

mergene&nbsp;, that is possible to customize the access as you described. Please refer to this&nbsp;article &nbsp;for Playbook custom access, and&nbsp;this&nbsp;doc&nbsp;for more details on Alert Rule Creation custom access.

mergene · Answer

Chi_Nguyen&nbsp;&nbsp;If I give read permission to analytic rules and playbooks, how can I give full permission to Hunting and Workbook section? I can't find the permission for the Hunting. If I give several permission, it will be the union of those permissions I guess and won't work.&nbsp;

Forum Discussion

Custom Permissions for Azure Sentinel

2 Replies

Resources