Feb 18 2022
I have been reading up on this and it seems it's not fine grained enough for this but thought I'd ask before I fully abandon this idea and to look for other solutions.
I have logs (app + FW) going into a Log Analytics workspace with Sentinel on top.
Whilst the security team has full control of the data within, I also want to give another team (say 2nd line) read only access to one selected table and a selected number of columns within.
For example, I have:Table 1 - with columns A, B C, D & E
Table 2 - with columns A, B, C D & E
Is there a way using RBAC to give this team (2nd line) access to ONLY table 2 and ONLY columns A, C & E?
If not, am I looking at exporting the logs from Log Analytics and into say a SQL DB to have this implemented?
Many thanks in advance.