Forum Discussion

danielmasters's avatar
danielmasters
Brass Contributor
Nov 07, 2022

Retrieve List of Users with Access to Sentinel?

Hi all,

 

I've been working on retrieving a list of users who have access to Sentinel.

 

So far I've only found using Get-AzRoleAssignment to be fairly useful, but so far running it against every subscription seems to be the best way.

 

Does anyone know of any other better methods to retrieve a list of users, direct/indirect (including from RBAC groups) with access to Sentinel?

 

Regards

 

Dan

apis
azure
KQL
siem

2 Replies

Sort By
  • GBushey's avatar
    GBushey
    Former Employee
    Nov 07, 2022
    I would think you need to check the Resource Groups that contains the Log Analytics workspace as permissions could be granted at that level and not just at the subscription level.
    • danielmasters's avatar
      danielmasters
      Brass Contributor
      Nov 08, 2022
      That's a good point. I'm using PIM as well, so turns out Get-AzRoleAssignment isn't the entire solution. It's a fairly involved task and not just "exporting users for Sentinel" as per requested by audit....

Resources