Mar 04 2021 02:17 AM
Hi, I'm new to sentinel and trying to figure out how to split access to sentinel data by subscription. Can I grant access to view the data of certain resources based on a subscription? For example: I have two subscriptions A and B. From subscription A I want to access all resource data in sentinel; from subscription B to a subset of those resources. It can be done ? how?
Mar 04 2021 04:31 AM
Solution@Fabrics Unless the resources are broken up into different tables there is no much you can do right now. There is the ability to use table level access but if all the resources are feeding into the same table you would not be able to apply the different access levels.
In this case, it seems your best bet would be to have 2 Azure Sentinel instances, one per subscription. This way you can use the OOTB roles to control who can access which instance and use Azure Lighthouse and/or multi-environment queries to view all the incidents at one time.
The new changes to the Portal UI makes it very easy to switch between different workspaces now which will also help. https://azurecloudai.blog/2021/03/03/improved-azure-portal-view-makes-switching-between-azure-sentin...
Mar 04 2021 04:31 AM
Solution@Fabrics Unless the resources are broken up into different tables there is no much you can do right now. There is the ability to use table level access but if all the resources are feeding into the same table you would not be able to apply the different access levels.
In this case, it seems your best bet would be to have 2 Azure Sentinel instances, one per subscription. This way you can use the OOTB roles to control who can access which instance and use Azure Lighthouse and/or multi-environment queries to view all the incidents at one time.
The new changes to the Portal UI makes it very easy to switch between different workspaces now which will also help. https://azurecloudai.blog/2021/03/03/improved-azure-portal-view-makes-switching-between-azure-sentin...