SOLVED

How to manage access in Sentinel

New Contributor

Hi, I'm new to sentinel and trying to figure out how to split access to sentinel data by subscription. Can I grant access to view the data of certain resources based on a subscription? For example: I have two subscriptions A and B. From subscription A I want to access all resource data in sentinel; from subscription B to a subset of those resources. It can be done ? how? 

2 Replies
best response confirmed by Fabrics (New Contributor)
Solution

@Fabrics Unless the resources are broken up into different tables there is no much you can do right now.  There is the ability to use table level access but if all the resources are feeding into the same table you would not be able to apply the different access levels.

 

In this case, it seems your best bet would be to have 2 Azure Sentinel instances, one per subscription.  This way you can use the OOTB roles to control who can access which instance and use Azure Lighthouse and/or multi-environment queries to view all the incidents at one time.

 

The new changes to the Portal UI makes it very easy to switch between different workspaces now which will also help. https://azurecloudai.blog/2021/03/03/improved-azure-portal-view-makes-switching-between-azure-sentin...

@Gary Bushey  Thank you so much!