Aug 27 2020 01:29 PM
Hi,
I want to give specific permissions to someone on Sentinel like below:
- full access to Threat Management (Incidents, Workbooks, Hunting, Notebooks) and the Logs section
- read only access to all other sections.
Is this possible? I couldn't see some of these settings on https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations.
I especially want to limit analytic rule creation and playbook creation.
Aug 28 2020 01:28 PM
Aug 28 2020 02:25 PM
If I give read permission to analytic rules and playbooks, how can I give full permission to the Hunting and Workbook sections? I can't find the permission for Hunting. If I give several permissions, it will be the union of those permissions, I guess, and won't work.