azure azure-security azure-rbac azure-sentinel

Azure Sentinel RBAC - Best Practice

We are in the process of implmenting Sentinel with several data sources, what is the best way to do the RBAC?

Solution

You would just create the dashboard from Azure Sentinel and assign RBAC roles to it the same way you would with any other Resource in Azure.

The quickstart guide covers it:

To create a new dashboard from scratch, select Dashboards and then +New dashboard.
Select the subscription the dashboard is created in and give it a descriptive name. Each dashboard is an Azure resource like any other, and you can assign it roles (RBAC) to define and limit who can access.
To enable it to show up in your dashboards to pin visualizations to, you have to share it. Click Share and then Manage users.
Use the Check access and Role assignments as you would for any other Azure resource. For more information, see Share Azure dashboards by using RBAC.

Let me know if this helps.

WebJob is stopping due to website shutting down
Is it possible to change the day returned from startofweek() and endofweek()?
Handling Audio blobs sent through mediarecorder in JS through python server script for azure service
Export app registrations with expiring secrets and certificates and send alert in teams
SQL Azure import slow, hangs, but local import takes 3 minutes
Issue with Group email address domain when create a new Microsoft 365 Group
What is the URL for New Page in Azure DevOps Wiki? / How to bookmark New Page?
Is there a dynamic way to get variables from Variable Group? Even secret ones? and insert in Azure Key Vault
How do I configure my Bicep scripts to allow a container app to pull an image from an ACR using managed identity across subscriptions
Azure DevOps. Can't trigger a pipeline in Repo A when a commit is done in repo B
How to change the default Azure AI Search scoring to be increased when the whole search term is found exactly?
List and download files in a folder in a blob with blob level SAS token
How to change the Lease state of Azure Blob to Available
unable to delete or move first step from logic app?
Azure Terraform - Encrypt VM OS Disk
How to temporary stop Azure API Management Service
Unable to retrieve key vault certificates in azure runbook
C#: 'A change set cannot include changes to more than '1' source resources' when adding a user To Group using Azure Graph API 2.0
Set size limt to direct upload to azure blob storage via SAS URL
Using AddAzureKeyVault makes my application 10 seconds slower
PostGreSQL pg_dump psql and pg_restore errors with Azure Flexible SQL Server
How to check signature of a token coming from Azure SSO
How can I get error details from an if condition activity in Azure Data Factory?
Getting a 404 for GET /robots933456.txt
Given an Applications Insight Instrumentation key, get the name of the service in Azure
How to specify rewrite url for query string parameters in Azure API Management
Can a normal Azure Function and a Durable Azure Function coexist in the same Function App?
TenantGuidNotFound when trying to send email using Microsfot GraphAPI
Can't signin into microsoft account
Azure Function App Kudu Functions API with empty response