Custom Role for Surface Hub Logs in Log ANalytics Workspace


Hi All,


I created a custom Role for the Read Access of the Surface Hub Logs, that are ingested to our Log Analytics Workspace with the Surface Hub Solution. I can see the Logs and Query them with my Admin Account.

Cause of Security Reasons, we need a custom Role, that only can access the Surface Hub Logs, but none of the other Logs.


Here is the JSON i used:


    "Name": "Surface Hub Log Reader",
    "Description": "Custom Log Analytics Reader Role that can only view Surface Hub Logs",
    "Actions": [
    "dataActions": [],
    "notActions": [
    "notDataActions": [],
    "AssignableScopes": [
That works well, but when i would like to add any of the SurfaceHub Tables to the Actions, there comes and error. I can also not see them in the Permissions for the Custom Role.
'Microsoft.OperationalInsights/workspaces/SurfaceHubEtw/read' does not match any of the actions supported by the providers.
Would be great if anybody has been through this, or maybe can tell me where i can address the Surface Hub Logs:
Thanks & Regards, Peter
2 Replies



I am not an expert for the Surface Hub solution, but the SurfaceHub* tables you mention are not part of the Azure Monitor reference for LA tables. However, the Device* tables are all there. Are you maybe trying to use deprecated tables?

Hi @hspinto,


Thanks for your response.

I know those tables, but i'm not able to find those referenced in my Log Analytics.


Thanks & Kind Regards,