Aug 04 2019 05:15 PM
Hi
Documentation on the RBAC design for Azure Sentinel is a little vague. I am just enabling Azure Sentinel and wanted to understand the least privilege permissions (as we share the Log Analytics workspace with the Ops team). What are the least privilege permissions on a log Analytics workspace to create "Analytics alerts" in Azure Sentinel ?
More Detail
Thanks in advance for your assistance.
Aug 06 2019 08:24 AM
Hi
Our recommendation would be to give reader access to the resource group that the workspace resides in for the least privileges. Obviously, readers wont be able to create analytics and dashboards. If the team needs to be able to do that then give contributor to the RG that the workspace resides in.
Aug 07 2019 02:36 AM
@Fergie635 Microsoft has a page that lists a lot of good recommendations.
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access