pednie
Oct 04, 2023

Problem with Playbook permissions through Lighthouse

I have two tenants where I test Azure Lighthouse and I'm having playbook permissions trouble while doing this.

In the "customer" tenant I have established Sentinel and Playbooks. In this tenant all permissions have been granted and I can successfully trigger playbooks manually with the local account. Sentinel and playbooks share the same resource group.

Through Lighthouse I have granted the "service provider" tenant these roles to the customer's resource group: Microsoft Sentinel Contributor, Logic App Contributor, Managed Services Registration assignment Delete Role, Reader and Template Spec Contributor. I have access to the customer's Sentinel through the service provider tenant, and in the service provider tenant I can successfully create a playbook.

 

The problem is when I try to manually trigger the playbook I created in the service provider tenant, I receive this error:

"Caller is missing required playbook triggering permissions on playbook resource '[RESOURCE]', or Microsoft Sentinel is missing required permissions to verify the caller has permissions".

 

What permission do I miss? I can't find any documents that describe what I'm missing.
