Custom Permissions for Azure Sentinel

mergene · ‎Aug 27 2020

Hi,

I want to give specific permissions to someone on Sentinel like below:

- full access to Threat Management(Incidents, Workbooks, Hunting, Notebooks) and Logs section

- read only access to all other sections.

is this possible? I couldn't see some of these settings on https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations.

I especially want to limit analytic rule creation and playbook creation.

Chi_Nguyen · ‎Aug 28 2020

@mergene , that is possible to customize the access as you described. Please refer to this article for Playbook custom access, and this doc for more details on Alert Rule Creation custom access.

mergene · ‎Aug 28 2020

@Chi_Nguyen

If I give read permission to analytic rules and playbooks, how can I give full permission to Hunting and Workbook section? I can't find the permission for the Hunting. If I give several permission, it will be the union of those permissions I guess and won't work.

Custom Permissions for Azure Sentinel

Custom Permissions for Azure Sentinel

Re: Custom Permissions for Azure Sentinel

Re: Custom Permissions for Azure Sentinel

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Custom Permissions for Azure Sentinel