Log Analytics workspace with RBAC to limit access to certain table(s) and column(s) possible?

Occasional Contributor

Hi all,

I have been reading up on this and it seems it's not fine grained enough for this but thought I'd ask before I fully abandon this idea and to look for other solutions.

I have logs (app + FW) going into a Log Analytics workspace with Sentinel on top.

Whilst the security team has full control of the data within, I also want to give another team (say 2nd line) read only access to one selected table and a selected number of columns within.

For example, I have:
Table 1 - with columns A, B C, D & E

Table 2 - with columns A, B, C D & E

 

Is there a way using RBAC to give this team (2nd line) access to ONLY table 2 and ONLY columns A, C & E?

 

If not, am I looking at exporting the logs from Log Analytics and into say a SQL DB to have this implemented?

 

Many thanks in advance.

0 Replies