Azure Roles for Log Analytics and How they Relate to the Services Hub

Your workspace in Services Hub is to be linked to an Azure Log Analytics workspace.

Purpose of linking:

  • Only when one links their Services Hub workspace (which you use when you login into Services Hub) with their Azure Log Analytics workspace, they enable the On-Demand Assessments in their Azure Log Analytics workspace.

  • On-Demand Assessments are available to workspace which have been specially enabled which happens during the linking (linking between Services Hub and Azure Log Analytics workspace) process.

  • The linking process enables On-Demand Assessments on the Azure Log Analytics workspace which is being linked (connected) to.

  • Only certain role holders in Azure can successfully link from Services Hub to Azure Log Analytics workspace. The same user account which has logged in Services Hub will be performing the edits in Azure Log Analytics.

Azure roles

Below are the different Azure roles and permissions those roles have in the Services Hub with regards to assessments and linking your Services Hub to Log Analytics.

  • Owner, Reader or Contributor at Log Analytics Workspace level
  • Owner, Reader or Contributor at Resource Group level
  • Owner, Reader, Contributor, Log Analytics Reader or Log Analytics Contributor at Subscription level

The following users can create new Azure Log Analytics workspace under existing Resource Group that are linked to Services Hub workspace:

  • Owner or Contributor at Resource Group level
  • Owner, Contributor or Log Analytics Contributor at Subscription level

The following users can create new Azure Log Analytics workspace under new Resource Group that are linked to Services Hub workspace:

  • Owner or Contributor at Subscription level

The following roles can Add/Remove solutions from Services Hub workspace:

  • Owner or Contributor at Log Analytics Workspace level
  • Owner or Contributor at Resource Group level
  • Owner, Contributor or Log Analytics Contributor at Subscription level

Note: Add/Remove solutions in Log Analytics Workspace can change the costs incurred by the organization and hence it requires higher levels of permission.

Q: How to configure roles in Azure?

A: Visit https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-configure

For general feedback on the Resource Center or content, please submit your response to UserVoice. For specific requests and content updates regarding the Services Hub, contact our Support Team to submit a case.