Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Permissions required for Editing Azure Sentinel Workbooks

Brass Contributor

Hello 

I have currently "Contributor" privileges on an azure tenant that is accessed through Azure Light house. However, i cannot edit the workbooks, there is no option available for that. 

 

I have checked the documentation from the below link that shows that I need to have "Azure Sentinel Contributor" role in order to edit the workbooks.

 

Permissions in Azure Sentinel | Microsoft Docs

 

Can you confirm if "Contributor" permissions are enough since it says that Contributor have "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image

 

Do I still need "Azure Sentinel Contributor" permissions so I can speak with the admin.

 

Thanks

Fahad.

5 Replies
best response confirmed by FahadAhmed (Brass Contributor)
Solution
You do need the Azure Sentinel Contributor as they are part of the Azure Sentinel environment. You would be able to edit other workbooks in your subscription with the rights you have.
Thanks Gary for the prompt response, much appreciated.

@Gary Bushey I now have both Contributor and Azure Sentinel Contributor access, still the SAVE button on the workbook is greyed out and i cannot edit or save the workbook templates.

 

Any reason why still I am unable to save or edit workbooks??

 

Thanks

Fahad.

Does the resource group that the playbook belongs to have the playbook permissions enabled? In Microsoft Sentinel, click on the Settings link in the left-hand navigation and, in the header of the new page, click on Settings again. There is a section called "Playbook permissions". Open that and ensure that the resource group has the needed rights.
I got the issue resolved.

For Workbooks;
Both "Contributor" and "Azure sentinel Contributor" permissions were available , however it was on "This resource" rather than on the subscription level. Once it was granted on subscription level, i was able to save the workbooks.

For Playbooks:
Since I already had the "Contributor" and "Azure sentinel Contributor" permissions. Additional permissions that were required were of "Logic App contributor" and "Owner" permissions on the resource group. After that issue was resolved.

Thanks
Fahad.
1 best response

Accepted Solutions
best response confirmed by FahadAhmed (Brass Contributor)
Solution
You do need the Azure Sentinel Contributor as they are part of the Azure Sentinel environment. You would be able to edit other workbooks in your subscription with the rights you have.

View solution in original post