question

jt-jt asked AndrewBlumhardt-1137 answered

Ability to limit a group of users to only see certain columns in a particular table in Log Analytics/Sentinel

Hi,
I have a requirement to limit a particular group of users to only have access to view/query certain columns in a particular table (and nothing else) within a Log Analytics workspace or Sentinel.
Is it possible with RBAC and/or a custom role?
Or do I have to basically upload another copy of the 'small' logs from the syslog collector up to another Log Analytics workspace?

Thanks.

JT

azure-monitor microsoft-sentinel

1 Answer

AndrewBlumhardt-1137 answered

Log Analytics only supports table-level RBAC. You can have a separate table as you mentioned. Maybe visualize the data in Power BI.

I think there may be some better alternatives coming later this year.

https://docs.microsoft.com/en-us/azure/azure-monitor/logs/manage-access#table-level-rbac

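A custom role definition that applies the table-level RBAC mentioned in the answer, added here as an example and not part of the original thread: it grants query access to the `Syslog` table only. The role name, description and the subscription placeholder are assumptions. The narrowest scope it can express is a whole table, so restricting columns still requires a separate table or workspace holding the reduced data.

```json
{
  "Name": "Syslog Table Reader (example)",
  "IsCustom": true,
  "Description": "Constructed example: read and query access to the Syslog table only. No per-table wildcard is granted, so other tables stay unreadable.",
  "Actions": [
    "Microsoft.OperationalInsights/workspaces/read",
    "Microsoft.OperationalInsights/workspaces/query/read",
    "Microsoft.OperationalInsights/workspaces/query/Syslog/read"
  ],
  "NotActions": [],
  "AssignableScopes": [
    "/subscriptions/<subscription-id-placeholder>"
  ]
}
```

Assign the role to the user group at the workspace scope and make sure the group holds no broader role (such as Log Analytics Reader) on the same workspace, since that would grant read access to every table.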