This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I have created a custom playbook but I get the error:
Failed to trigger playbook
Caller is missing required playbook triggering permissions on playbook resource '/subscriptions/8a6d2938-80eb-43bf-9a78-1427a031ab90/resourceGroups/mms-seau/providers/Microsoft.Logic/workflows/ChatGPT3-Playbook', or Microsoft Sentinel is missing required permissions to verify the caller has permissions
When I attempt to manually execute it using incident actions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 71%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDT%3C/text%3E%3C/svg%3E)
go to sentinel -> settings -> playbook permissions → configure permissions → add resource group chat GPT belongs to
Already have that in place but receive same error. Other suggestions??
Hi Robert,
Sure, have figure it out. There are 2 managed identity to be allocated. The first one that was done was for Sentinel, the one below is for Log Analytics Workspace
go to sentinel -> settings -> workspace settings → Access control IAM -> click on + Add, Add role assignment → under Role search for Microsoft sentinel Responder -> under Member, click on managed identity → add member, search under logic app → select chatGPT-Playbook-01 -> review + assign
Nope. Same issue again.
Has inherited that permission from Resources group anyway.
go to sentinel -> settings -> playbook permissions → configure permissions → add resource group chatGPT3-playbook belongs to
Already have that in place and get the same issue. Any other suggestions?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Robert D. Crane Apologies for the delay in reviewing this post, based on the error details you provided in the query, please check the below document for the necessary permission given on Logic App and sentinel (check ‘Important’ section)
Use playbooks with automation rules in Microsoft Sentinel | Microsoft Learn
You must have owner permissions on any resource group to which you want to grant Microsoft Sentinel permissions, and you must have the Logic App Contributor role on any resource group containing playbooks you want to run.
Also, refer to this https://learn.microsoft.com/en-us/azure/sentinel/roles Roles and permissions required for Microsoft Sentinel.
Let me know if you have any further questions, feel free to post back or If the issue still persists, lets connect offline to troubleshoot this further.
You can reach me via sending an email on azcommunity [at] microsoft [dot] com referencing this issue with a subject line "ATTN:Givary"
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.
I have a slightly different way to work out these permissions:
Troubleshooting:
Thank you for your post and I apologize for the delayed response!
Error Message:
Caller is missing required playbook triggering permissions on playbook resource '/subscriptions/..../resourceGroups/.../providers/Microsoft.Logic/workflows/...', or Microsoft Sentinel is missing required permissions to verify the caller has permissions.
From your issue, I understand that you created a custom Sentinel Playbook and when trying to manually run your Playbook through the Sentinel Incident, you're receiving the error message above.
I reproduced your issue and will share some troubleshooting steps below to hopefully point you in the right direction.
Note: If you're still having issues, please feel free to reach out to myself or Givary using the azcommunity email
Findings:
From your previous comments, I understand that you added your Resource Group (mms-seau) to the Sentinel Playbook Permissions Setting, and also confirmed the Microsoft Sentinel Responder role assignment was inherited.
Troubleshooting:
From your error, this still looks like a Permissions issue, so can you confirm the following:
mms-seau), Select Access Control (IAM), confirm your resource group has the Microsoft Sentinel Automation Contributor role assigned to Azure Security Insights. Additionally, make sure that your user has the Logic App Contributor and Owner role assigned.
To run a playbook based on the incident trigger, whether manually or from an automation rule, Microsoft Sentinel uses a service account specifically authorized to do so. This account must be granted explicit permissions (taking the form of the Microsoft Sentinel Automation Contributor role) on the resource group where the playbook resides.I hope this helps!
If you're still having issue, please let us know and we'd be happy to continue working with you on this issue. Thank you for your time and patience throughout this issue.
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
I just wanted to check in and see if you had any other questions?
I still have the same issue. Playbook won't run.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 65%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Same issue, doesnt work.