General Availability: Granular RBAC in Azure Monitor Logs

We’re excited to announce the general availability of Granular Role-Based Access Control (RBAC) in Azure Monitor Logs!

This capability enables you to set fine-grained data access control at the row level, giving you more flexibility and security when managing log data.

Back in May 2025, we introduced this feature in public preview. Today, it’s fully available and ready for production use

What is Granular RBAC?

Organizations often need to segregate and control access to data without trading off the benefits of a centralized logging platform. Granular RBAC builds on existing Azure RBAC capabilities for workspace and table-level access, allowing you to:

• Apply least privilege access at any level, workspace, table, or row level security.
• Maintain all your data in a single Log Analytics workspace.
• Separate data plane and control plane access using Azure Attribute-Based Access Control (ABAC) as part of your RBAC role assignments.

With Granular RBAC, you can filter which data each user can view or query based on conditions you define such as organizational roles, geographic regions, or data sensitivity levels.

What’s New?

• Broad Availability: Granular RBAC is now supported in Azure Public Cloud, Azure Government (GCC), and Azure China.
• New Built-in Role: The Log Analytics Data Reader role now fully supports Granular RBAC for an out-of-the-box experience. Learn more

Get Started

Learn more about Granular RBAC and how to set it up in Azure Monitor Logs

We hope you enjoy this new addition to Azure Monitor Log Analytics.