Limiting access to Sentinel


Hi all,

 

What would, for now, be the minimum set of roles/permissions required to get access to Sentinel?

I've played around with granting access as a Security Reader and some additional ones (Contributor) on the Workspace, but no joy.

 

What permissions are (minimally) required, and should we apply them on the Subscription, RG, Workspace or elsewhere? Couldn't find any relevant information so far :)

 

Thanks,

 

Michael

3 Replies

Hi Michael,

 

You will need a subscription contributor permission to onboard. After that, you will need a contributor or reader on the RG, depending on what you want to do. 

 

Connecting to different sources may require additional permissions, which is documented on the specific connectors pages when you connect.

 

~ Ofer

@Ofer_Shezaf 

 

Thanks Ofer, I just tested this in our environment :). It took me quite a lot of time figuring this out from the documentation; it's never mentioned very clearly in the Sentinel permissions doc where to apply the permission.

With your trick it works!!

So yes, in my case reader permissions on the RG seem to work fine.

@arshad80 The documentation [https://docs.microsoft.com/en-us/azure/sentinel/roles] is very clear about that by stating:

 

  • For best results, these roles should be assigned on the resource group that contains the Azure Sentinel workspace. This way, the roles will apply to all the resources that are deployed to support Azure Sentinel, as those resources should also be placed in that same resource group.

  • Another option is to assign the roles directly on the Azure Sentinel workspace itself. If you do this, you must also assign the same roles on the SecurityInsights solution resource in that workspace. You may need to assign them on other resources as well, and you will need to be constantly managing role assignments on resources.
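The two scoping options above (Ofer's "reader or contributor on the RG" and the documentation's "workspace plus the SecurityInsights solution resource") can be applied and verified with a short Az PowerShell script. The script below is an added example and is not code from this thread or from Microsoft; it assumes the Az.Accounts, Az.Resources and Az.OperationalInsights modules are installed, that Connect-AzAccount has already been run by someone who can create role assignments, and that the workspace name, resource group and user UPN are placeholders to replace. It covers day-to-day access only; the subscription Contributor needed to onboard Sentinel in the first place is a separate, one-off assignment. The built-in roles have since been renamed from "Azure Sentinel ..." to "Microsoft Sentinel ...", so the current display names are used.

```powershell
# Added example (not from the thread): assign a Microsoft Sentinel built-in role
# at one of the two scopes discussed above, then list what the principal
# effectively holds on the workspace.
# Assumptions: Az.Accounts / Az.Resources / Az.OperationalInsights are installed
# and Connect-AzAccount has already been run. All names below are placeholders.
param(
    [string] $WorkspaceName = 'sentinel-ws',         # placeholder workspace name
    [string] $ResourceGroup = 'rg-sentinel',         # placeholder RG that holds the workspace
    [string] $PrincipalUpn  = 'analyst@contoso.com', # placeholder user (use Get-AzADGroup for a group)
    [ValidateSet('Microsoft Sentinel Reader', 'Microsoft Sentinel Responder', 'Microsoft Sentinel Contributor')]
    [string] $Role = 'Microsoft Sentinel Reader',
    # Off (default): option 1, one assignment on the resource group.
    # On: option 2, assignments on the workspace AND the SecurityInsights solution resource.
    [switch] $WorkspaceScopeOnly
)

$ErrorActionPreference = 'Stop'

$ws        = Get-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroup -Name $WorkspaceName
$principal = Get-AzADUser -UserPrincipalName $PrincipalUpn
$subId     = (Get-AzContext).Subscription.Id

if (-not $WorkspaceScopeOnly) {
    # Option 1 (what the docs quoted above recommend): the RG scope is inherited by
    # the workspace, the SecurityInsights solution and any playbooks, workbooks or
    # other Sentinel resources deployed into the same RG, so one assignment suffices.
    $scopes = @("/subscriptions/$subId/resourceGroups/$ResourceGroup")
} else {
    # Option 2: the workspace alone is not enough; the same role must also be
    # assigned on the SecurityInsights solution resource that lives beside it
    # (resource type Microsoft.OperationsManagement/solutions, named SecurityInsights(<workspace>)).
    $solutionId = "/subscriptions/$subId/resourceGroups/$ResourceGroup" +
                  "/providers/Microsoft.OperationsManagement/solutions/SecurityInsights($WorkspaceName)"
    $scopes = @($ws.ResourceId, $solutionId)
}

foreach ($scope in $scopes) {
    # New-AzRoleAssignment fails on a duplicate, so check for an assignment at exactly this scope first.
    $existing = Get-AzRoleAssignment -ObjectId $principal.Id -RoleDefinitionName $Role -Scope $scope |
                Where-Object { $_.Scope -eq $scope }
    if ($existing) {
        Write-Host "Already assigned: $Role -> $PrincipalUpn @ $scope"
    } else {
        New-AzRoleAssignment -ObjectId $principal.Id -RoleDefinitionName $Role -Scope $scope | Out-Null
        Write-Host "Assigned: $Role -> $PrincipalUpn @ $scope"
    }
}

# Verification: Get-AzRoleAssignment with -Scope also returns assignments inherited
# from the RG and subscription, which is why an RG-level Reader shows up here and
# is enough for the Sentinel blade to open.
Get-AzRoleAssignment -ObjectId $principal.Id -Scope $ws.ResourceId |
    Select-Object RoleDefinitionName, Scope |
    Format-Table -AutoSize
```

Run it once with the defaults for the RG-scoped assignment, or with -WorkspaceScopeOnly to see why option 2 costs two assignments instead of one; in the second case, rerun the script after adding a playbook or other Sentinel resource to the RG and the verification listing will show that the new resource is not covered, which is the ongoing maintenance burden the documentation warns about.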