Permissions required to grant Sentinel acccess

Brass Contributor



I am troubleshooting Sentinel access issues on Azure portal - i can access log analytics workspace but not Sentinel workspace.


So far the setup is such:

  • Group "Sentinel Users" to which all Sentinel users belong
  • Dedicated Resource Group "RG_Sentinel"; Sentinel Users have Owner level access.
  • At Subscription level (Sub1), Sentinel Users have "Reader" and "Azure Sentinel Contributor"

The selection for "Azure Sentinel Workspaces" ( is empty.


But Log Analytics workspace which belongs to the dedicated resource group "RG_Sentinel" and is associated with sentinel is readily visible and I can use it as you'd expect.


I've checked that Sentinel Workspace belongs to the Sub1 group and the user I'm testing belongs to "Sentinel Users" . The user is an external user.

5 Replies

@truekonrads  I am not sure about why you don't see the workspace but I have a question as to why you are using an external user like that rather than using Lighthouse?   If I were to hazard a guess I would think there is something about the user being external that is causing issues.

@Gary Busheygood call on Lighthouse, we'll look to transition to this. That said, the person who was adding permissions and had Sub Owner permissions also was an external user.


@truekonradshowever, Lighthouse isn't the solution in principle I think, because while Sentinel can collect most data, some things in Microsoft security suite don't blend into Lighthouse - such as Win Def ATP, Azure ATA and others. If you have Senitnel and WD ATP, you still need login on customer tenant.

UPDATE: after a fairly extended period of time - several days; this issue resovled itself without anyone doing anything about it. Very annoying but glad it works

@truekonrads what did you end up doing