Managing the permissions of the workspace
Before we connect and store data in the workspace and enable Azure Sentinel to carry out analytics on the data, let's review the options to secure access to this new resource. Azure provides three main levels of access to resources:
- Owner: Has the highest level of access to resources
- Contributor: Can create and modify resources, but cannot grant or revoke access
- Reader: Can view all resources
These permissions can be granted at four different levels:
- Subscription: Highest level of access, applies to all resources within the subscription
- Resource group: Applies to the specific resource group, which may contain multiple workspaces
- Workspace: Applies only to the specific workspace
- Table-level RBAC: Applies to individual tables within the log
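The way these levels nest can be checked against an exported list of role assignments. The following is an added example, not code from the original text: it resolves which principals reach one workspace and at which level the access was granted. The subscription ID, resource names and principals are constructed placeholders, the field names are assumed to follow the JSON output of `az role assignment list`, and ranking the three roles to keep the highest per principal is a simplification.

```python
# Added example: find who can reach a workspace through scope inheritance.
# All IDs, names and principals below are constructed sample data.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-sentinel"
WORKSPACE = RG + "/providers/Microsoft.OperationalInsights/workspaces/law-sentinel"

ASSIGNMENTS = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "bob@example.com", "roleDefinitionName": "Contributor", "scope": RG},
    {"principalName": "carol@example.com", "roleDefinitionName": "Reader", "scope": WORKSPACE},
    # Different resource group: must not reach the workspace.
    {"principalName": "dave@example.com", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/rg-other"},
    # "rg-sent" is a string prefix of "rg-sentinel" but a different group.
    {"principalName": "erin@example.com", "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/rg-sent"},
]

RANK = {"Reader": 1, "Contributor": 2, "Owner": 3}  # assumption: simple ordering


def scope_level(scope):
    """Name the level a scope string sits at, from its path segments."""
    segments = [s.lower() for s in scope.strip("/").split("/")]
    if "workspaces" in segments:
        return "workspace"
    return "resource group" if "resourcegroups" in segments else "subscription"


def applies_to(scope, resource_id):
    """True if scope is the resource itself or one of its ancestors.
    Compares on a '/' boundary so sibling names sharing a prefix do not match."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")


def effective_access(assignments, resource_id):
    """Map each principal to its highest role on resource_id and where it came from."""
    result = {}
    for a in assignments:
        role = a["roleDefinitionName"]
        if role not in RANK or not applies_to(a["scope"], resource_id):
            continue
        current = result.get(a["principalName"])
        if current is None or RANK[role] > RANK[current["role"]]:
            result[a["principalName"]] = {"role": role, "granted_at": scope_level(a["scope"])}
    return result


if __name__ == "__main__":
    for who, info in sorted(effective_access(ASSIGNMENTS, WORKSPACE).items()):
        print(f"{who}: {info['role']} (granted at {info['granted_at']} level)")
```

Entries reported as granted at the subscription or resource group level are the ones to review first, since they were not assigned on the workspace itself.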
Table-Level RBAC
While there is no user interface available to set permissions on individual tables within the log, you can create Azure custom roles to set these...