@Javier Soriano Hi Javier,   Yes it is though Azure Lighthouse setup.

Perfect. Very same response from your support team as well on this issue. Good to highlight this at the documentation or may have improved from the time the this issue was raised.

There are two main scenarios when managing cross-tenant automation rules:
• Automation rule created in the customer tenant is configured to run a playbook located in the service provider tenant. This approach is normally used to protect intellectual property in the playbook. Nothing special is required for this scenario to work. Just grant permissions to the relevant resource group where the playbook is located via Manage playbook permissions menu as explained here.
• Automation rule created in the customer tenant is configured to run a playbook located in the customer tenant. Used when there is no need to protect intellectual property. For this scenario to work, permissions to execute the playbook need to be granted to Azure Sentinel in both tenants. In the customer tenant, you grant them via Manage playbook permissions menu as explained here. To grant the relevant permissions to the service provider tenant, you need to include the Azure Security Insights app in your Azure Lighthouse delegation template with the Azure Sentinel Automation Contributor role. The scenario looks like this:

@Javier Soriano - I noticed an intresting one here.  

Scenario 1:  Unable to see Manage Permission Link

Although being a owner of the azure subscription and adding logic app contributor role to my user id  within the customer tenant. I am not able to see the Manage Permission link at the sentinel automation rule.   Why cant one edit the permission in this case ??

Do you expect the user to have Azure Sentinel Contributor role other than owner and logic app contributor. ??

Scenario 2: Able to see Manage Permission Link but cannot modify.

With Azure lighthouse after including delegation of Azure Security Insights with Azure Sentinel Contributor role from the service provider tenant  I am able to check its permission but not change it, this is acceptable as I am NOT in the service provider tenant and with Azure Lighthouse a user can max have a contributor role.

In my scenario i am using analytical rule and runbook both in primary tenant. I have contributor level permissions on resource group containing sentinel and logic apps, rg containing runbook is already allowed permission to run runbook from Sentinel Setting runbook permissions.

When I try to run the runbook from incident alerts I am getting Missing Permissions to view playbook runs.

We are using Lighthouse but here we are not doing anything cross tenant in terms of Sentinel.

I have Sentinel Contributor role on the Lighthouse level as well.