Forum Discussion
Limiting access to Sentinel
Hi Michael,
You will need subscription contributor permission to onboard. After that, you will need contributor or reader on the RG, depending on what you want to do.
Connecting to different sources may require additional permissions, which are documented on the specific connector pages when you connect.
~ Ofer
Thanks Ofer, I just tested this in our environment :). I took quite a lot of time figuring this out from the documentation; it's never mentioned very clearly in the Sentinel permissions doc where to apply the permission.
With your trick it works!!
So yes, in my case reader permissions on the RG seem to work fine.
- user, Oct 05, 2020, Copper Contributor
arshad80 The documentation [https://docs.microsoft.com/en-us/azure/sentinel/roles] is very clear about that by stating:
For best results, these roles should be assigned on the resource group that contains the Azure Sentinel workspace. This way, the roles will apply to all the resources that are deployed to support Azure Sentinel, as those resources should also be placed in that same resource group.
Another option is to assign the roles directly on the Azure Sentinel workspace itself. If you do this, you must also assign the same roles on the SecurityInsights solution resource in that workspace. You may need to assign them on other resources as well, and you will need to be constantly managing role assignments on resources.
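An audit check for the second option quoted above, added here as an example and not taken from the thread or from Microsoft's documentation: it flags principals that hold a Sentinel role on the workspace but not on the matching SecurityInsights solution resource. The role names, the `SecurityInsights(<workspace>)` resource ID layout and the sample assignments are assumptions; the input uses the field names of `az role assignment list --all -o json`.

```python
import re

# Assumed role names (built-in names at the time of the thread); adjust as needed.
SENTINEL_ROLES = {"Azure Sentinel Reader", "Azure Sentinel Responder",
                  "Azure Sentinel Contributor"}
WORKSPACE_RE = re.compile(
    r"^(?P<rg>/subscriptions/[^/]+/resourceGroups/[^/]+)"
    r"/providers/Microsoft\.OperationalInsights/workspaces/(?P<ws>[^/]+)$",
    re.IGNORECASE)

def solution_scope(rg_scope, workspace):
    # Assumed resource ID layout of the SecurityInsights solution for a workspace.
    return (f"{rg_scope}/providers/Microsoft.OperationsManagement"
            f"/solutions/SecurityInsights({workspace})")

def find_incomplete_assignments(assignments):
    """Workspace-scoped Sentinel role assignments that have no matching
    assignment on the SecurityInsights solution resource."""
    held = {(a["principalId"], a["roleDefinitionName"], a["scope"].lower())
            for a in assignments}
    findings = []
    for a in assignments:
        pid, role = a["principalId"], a["roleDefinitionName"]
        m = WORKSPACE_RE.match(a["scope"])
        if role not in SENTINEL_ROLES or not m:
            continue  # not a Sentinel role, or not assigned on a workspace
        if (pid, role, m["rg"].lower()) in held:
            continue  # same role on the resource group already covers both
        # Subscription-level inheritance is not evaluated in this example.
        if (pid, role, solution_scope(m["rg"], m["ws"]).lower()) not in held:
            findings.append((pid, role, a["scope"]))
    return findings

# Constructed sample data (placeholder subscription, resource names and principals).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sentinel"
WS = RG + "/providers/Microsoft.OperationalInsights/workspaces/law-soc"
SAMPLE = [
    {"principalId": "alice-id", "roleDefinitionName": "Azure Sentinel Reader", "scope": RG},
    {"principalId": "bob-id", "roleDefinitionName": "Azure Sentinel Reader", "scope": WS},
    {"principalId": "carol-id", "roleDefinitionName": "Azure Sentinel Responder", "scope": WS},
    {"principalId": "carol-id", "roleDefinitionName": "Azure Sentinel Responder",
     "scope": solution_scope(RG, "law-soc")},
]

if __name__ == "__main__":
    for finding in find_incomplete_assignments(SAMPLE):
        print("missing SecurityInsights assignment:", finding)
```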