Log Analytics workspace with RBAC to limit access to certain table(s) and column(s) possible?

Hi all,

I have been reading up on this and it seems it's not fine-grained enough for this, but thought I'd ask before I fully abandon this idea and look for other solutions.

I have logs (app + FW) going into a Log Analytics workspace with Sentinel on top.

Whilst the security team has full control of the data within, I also want to give another team (say 2nd line) read-only access to one selected table and a selected number of columns within.

For example, I have:
Table 1 - with columns A, B, C, D & E

Table 2 - with columns A, B, C, D & E

Is there a way using RBAC to give this team (2nd line) access to ONLY table 2 and ONLY columns A, C & E?

If not, am I looking at exporting the logs from Log Analytics into, say, a SQL DB to have this implemented?

Many thanks in advance.

0 Replies