Restrict access to log analytics queries

Copper Contributor

Hi everyone,


I am faced with an issue I cannot quite see a clear path out of, and I would appreciate some help with this one.


We have a 3rd party managing our Sentinel solution and they have presented an issue where other 3rd parties are able to see their intellectual property. The specific IP they are referring to is the analytic queries set up in the log space.


Is it possible to allow SoC team members from the other 3rd party to use Sentinel and restrict the roles they have to prevent them viewing the analytic queries but retaining the ability to still actively use Sentinel? (e.g., run queries against logs).


I can see you can set up customised roles within Azure but I am struggling to get my head around it logically to be certain it would work as needed.

1 Reply
best response confirmed by Thortonne (Copper Contributor)
Hello, I think just with a custom role.
Select the resource group > IAM > select role sentinel contributor and click to clone.

Check the permissions you want.

if you liked it mark the answer with a like.
if you thought this answer helped in any way please mark it as best answer