cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

How to manage access in Sentinel

Fabrics
Copper Contributor

‎Mar 04 2021 02:17 AM

‎Mar 04 2021 02:17 AM

How to manage access in Sentinel

Hi, I'm new to sentinel and trying to figure out how to split access to sentinel data by subscription. Can I grant access to view the data of certain resources based on a subscription? For example: I have two subscriptions A and B. From subscription A I want to access all resource data in sentinel; from subscription B to a subset of those resources. It can be done ? how? 

1,114 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by Fabrics (Copper Contributor)
Gary Bushey

‎Mar 04 2021 04:31 AM

‎Mar 04 2021 04:31 AM

Solution

Re: How to manage access in Sentinel

@Fabrics Unless the resources are broken up into different tables there is no much you can do right now.  There is the ability to use table level access but if all the resources are feeding into the same table you would not be able to apply the different access levels.

 

In this case, it seems your best bet would be to have 2 Azure Sentinel instances, one per subscription.  This way you can use the OOTB roles to control who can access which instance and use Azure Lighthouse and/or multi-environment queries to view all the incidents at one time.

 

The new changes to the Portal UI makes it very easy to switch between different workspaces now which will also help. https://azurecloudai.blog/2021/03/03/improved-azure-portal-view-makes-switching-between-azure-sentin...

0 Likes
Reply
Fabrics

‎Mar 04 2021 05:37 AM

‎Mar 04 2021 05:37 AM

Re: How to manage access in Sentinel

@Gary Bushey  Thank you so much!

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Fabrics (Copper Contributor)
Gary Bushey

‎Mar 04 2021 04:31 AM

‎Mar 04 2021 04:31 AM

Solution

Re: How to manage access in Sentinel

@Fabrics Unless the resources are broken up into different tables there is no much you can do right now.  There is the ability to use table level access but if all the resources are feeding into the same table you would not be able to apply the different access levels.

 

In this case, it seems your best bet would be to have 2 Azure Sentinel instances, one per subscription.  This way you can use the OOTB roles to control who can access which instance and use Azure Lighthouse and/or multi-environment queries to view all the incidents at one time.

 

The new changes to the Portal UI makes it very easy to switch between different workspaces now which will also help. https://azurecloudai.blog/2021/03/03/improved-azure-portal-view-makes-switching-between-azure-sentin...

View solution in original post

0 Likes
Reply