Forum Discussion
Limiting access to Sentinel
Thanks Ofer, I just tested this in our environment :). I took quite a lot of time figuring this out from the documentation; it's never mentioned very clearly in the Sentinel permissions doc where to apply the permission.
With your trick it works!!
So yes, in my case reader permissions on the RG seem to work fine.
arshad80 The documentation [https://docs.microsoft.com/en-us/azure/sentinel/roles] is very clear about that by stating:
For best results, these roles should be assigned on the resource group that contains the Azure Sentinel workspace. This way, the roles will apply to all the resources that are deployed to support Azure Sentinel, as those resources should also be placed in that same resource group.
Another option is to assign the roles directly on the Azure Sentinel workspace itself. If you do this, you must also assign the same roles on the SecurityInsights solution resource in that workspace. You may need to assign them on other resources as well, and you will need to be constantly managing role assignments on resources.
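
An added example, not part of either post and not Microsoft's code: a small audit for the second option quoted above, flagging principals whose Sentinel role sits on the workspace alone, with no matching assignment on the SecurityInsights solution and none inherited from the resource group. The sample records are constructed and shaped like `az role assignment list --all -o json` output; matching roles by the substring "sentinel" is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample data (placeholder subscription id, users and names).
RG = "/subscriptions/0000/resourceGroups/rg-sentinel"
SAMPLE = json.loads("""[
 {"principalName": "analyst1@contoso.example", "roleDefinitionName": "Azure Sentinel Reader",
  "scope": "%(rg)s"},
 {"principalName": "analyst2@contoso.example", "roleDefinitionName": "Azure Sentinel Reader",
  "scope": "%(rg)s/providers/Microsoft.OperationalInsights/workspaces/law-soc"},
 {"principalName": "analyst3@contoso.example", "roleDefinitionName": "Azure Sentinel Responder",
  "scope": "%(rg)s/providers/Microsoft.OperationalInsights/workspaces/law-soc"},
 {"principalName": "analyst3@contoso.example", "roleDefinitionName": "Azure Sentinel Responder",
  "scope": "%(rg)s/providers/Microsoft.OperationsManagement/solutions/SecurityInsights(law-soc)"}
]""" % {"rg": RG})

WS = "/providers/microsoft.operationalinsights/workspaces/"
SOL = "/providers/microsoft.operationsmanagement/solutions/securityinsights("

def classify(scope):
    """Return (kind, parent scope, workspace name) for an assignment scope."""
    s = scope.lower().rstrip("/")
    if WS in s:
        parent, name = s.split(WS, 1)
        return ("workspace", parent, name)
    if SOL in s:
        parent, name = s.split(SOL, 1)
        return ("solution", parent, name.rstrip(")"))
    return ("group", s, "")  # resource group or a broader scope

def incomplete_assignments(assignments):
    """List (principal, role, workspace) where the role covers the workspace only."""
    seen = defaultdict(set)
    for a in assignments:
        if "sentinel" in a["roleDefinitionName"].lower():  # assumption: match by name
            key = (a["principalName"], a["roleDefinitionName"])
            seen[key].add(classify(a["scope"]))
    gaps = []
    for (who, role), scopes in seen.items():
        for kind, parent, name in scopes:
            if kind != "workspace":
                continue
            # Covered if the same role is inherited from the RG (or above) ...
            inherited = any(k == "group" and (parent + "/").startswith(p + "/")
                            for k, p, _ in scopes)
            # ... or also assigned on the workspace's SecurityInsights solution.
            paired = ("solution", parent, name) in scopes
            if not (inherited or paired):
                gaps.append((who, role, name))
    return sorted(gaps)

if __name__ == "__main__":
    for who, role, ws in incomplete_assignments(SAMPLE):
        print(f"{who}: '{role}' on workspace {ws} only; solution resource not covered")
```
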