His post shares in great detail the architecture and confederation for centralizing log analytics workspace vs multi workspaces in Microsoft Sentinel and Azure security center.
On this blog post, we will review how the Table level RBAC lets you ingest your collected data into a centralize workspace and still keep your data segregate for a specific user or group.
Example use case
Contoso installed several Windows servers and wants to send their performance logs into a centralized workspace that combines Security logs and operational logs. The Contoso OPS team that manage the performance monitor workload in the organization need access only to the performance log table and not to Other sensitive data like the security events logs that store on the same workspace.
Configure RBAC table Level Access
To configure the RBAC table level access we need to: