Hi @Liam Jones,
Thanks for your post! I understand that you are trying to deploy an automation rule which calls on a playbook, but are receiving the following error:
Caller is missing required playbook triggering permissions on playbook resource, or Microsoft Sentinel is missing required permissions to verify the caller has permissions
The caller can be either the user or service principal who performed the operation, so in this case the message should be referring to your specific user permissions. The message also indicates, though, that the permissions may be missing on the Sentinel side as well.
To resolve this issue, you need to confirm that you have the following permissions configured:
- Logic App Contributor role on any resource group containing playbooks you want to run. Your user account needs to have both the Logic App Contributor and Owner roles assigned.
- The Directory Readers role in Azure AD assigned to your account. Alternatively, you can create a custom role with microsoft.directory/servicePrincipals added as an action.
- Since Sentinel uses the Azure Security Insights Enterprise Application to grant permissions, make sure that it has the Azure Sentinel Automation Contributor role assigned to it if you still see the error after adding the other permissions.
- For Lighthouse setups, you need to grant Azure Sentinel Automation Contributor permissions to the Azure Security Insights app in the service provider tenant on the Resource Group where the playbooks are in the customer tenant.
Additional resources:
Azure Sentinel Automation (Preview) - Issue with Permission assignment
Caller is missing required playbook triggering permissions on playbook resource
Let me know if this helps. If the suggestions do not work we can continue the discussion and follow up offline if needed.
-
If the information helped you, please Accept the answer. This will help us as well as others in the community who might be researching similar issues.
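The checks the answer above walks through, as an added example script that is not part of the original answer and not Microsoft's own tooling. It uses the Az PowerShell module (`Get-AzRoleAssignment`, `New-AzRoleAssignment`, `Get-AzADServicePrincipal`) for the two Azure RBAC assignments and, because Directory Readers is an Azure AD directory role rather than an RBAC role, the Microsoft Graph PowerShell module for that third check. The subscription ID, the resource group name `rg-sentinel-playbooks` and the `-Fix` switch are assumptions for illustration. The built-in role the answer calls "Azure Sentinel Automation Contributor" is listed in the portal under its current name, "Microsoft Sentinel Automation Contributor", which is the name the script uses.

```powershell
# Added example, not from the original answer. Checks (and with -Fix, grants) the
# permissions needed to attach a playbook to an automation rule. Run
# Connect-AzAccount and Connect-MgGraph -Scopes 'RoleManagement.Read.Directory' first.
param(
    [string]$SubscriptionId        = '00000000-0000-0000-0000-000000000000', # assumed placeholder
    [string]$PlaybookResourceGroup = 'rg-sentinel-playbooks',                # assumed placeholder
    [switch]$Fix                                                             # grant what is missing
)

$ErrorActionPreference = 'Stop'
Set-AzContext -SubscriptionId $SubscriptionId | Out-Null

# Azure RBAC role names. The answer uses the older product name for the second one.
$logicAppRole   = 'Logic App Contributor'
$automationRole = 'Microsoft Sentinel Automation Contributor'

function Test-RgRoleAssignment {
    param([string]$ObjectId, [string]$RoleName, [string]$ResourceGroup)
    # Wrapping in @() gives Count 0 when the cmdlet returns nothing.
    # Assignments inherited from subscription or management group scope are included.
    $assignments = @(Get-AzRoleAssignment -ObjectId $ObjectId `
                                          -ResourceGroupName $ResourceGroup `
                                          -RoleDefinitionName $RoleName)
    return ($assignments.Count -gt 0)
}

function Confirm-RgRoleAssignment {
    param([string]$ObjectId, [string]$RoleName, [string]$ResourceGroup, [string]$Label)
    if (Test-RgRoleAssignment -ObjectId $ObjectId -RoleName $RoleName -ResourceGroup $ResourceGroup) {
        Write-Host "[ok]      $Label has '$RoleName' on $ResourceGroup"
    } elseif ($Fix) {
        # Creating the assignment needs Owner or User Access Administrator on the RG.
        New-AzRoleAssignment -ObjectId $ObjectId -RoleDefinitionName $RoleName `
                             -ResourceGroupName $ResourceGroup | Out-Null
        Write-Host "[fixed]   granted '$RoleName' to $Label on $ResourceGroup"
    } else {
        Write-Warning "[missing] $Label lacks '$RoleName' on $ResourceGroup (rerun with -Fix to grant)"
    }
}

# 1. The caller: whoever is signed in and creating the automation rule.
#    The answer notes the caller can be a user or a service principal, so handle both.
$ctx = Get-AzContext
if ($ctx.Account.Type -eq 'ServicePrincipal') {
    $caller = Get-AzADServicePrincipal -ApplicationId $ctx.Account.Id
} else {
    $caller = Get-AzADUser -UserPrincipalName $ctx.Account.Id
}
if (-not $caller) { throw "Could not resolve the signed-in identity '$($ctx.Account.Id)'" }
Confirm-RgRoleAssignment -ObjectId $caller.Id -RoleName $logicAppRole `
                         -ResourceGroup $PlaybookResourceGroup -Label "caller $($ctx.Account.Id)"

# 2. The Sentinel service principal (the "Azure Security Insights" enterprise
#    application) that Sentinel uses to verify the caller and trigger the playbook.
$sentinelSp = Get-AzADServicePrincipal -DisplayName 'Azure Security Insights' | Select-Object -First 1
if (-not $sentinelSp) { throw "'Azure Security Insights' service principal not found in this tenant" }
Confirm-RgRoleAssignment -ObjectId $sentinelSp.Id -RoleName $automationRole `
                         -ResourceGroup $PlaybookResourceGroup -Label 'Azure Security Insights'

# 3. Directory Readers is an Azure AD directory role, so it is not visible through
#    Get-AzRoleAssignment; check membership through Microsoft Graph instead.
if (Get-Command Get-MgDirectoryRole -ErrorAction SilentlyContinue) {
    $dirRole  = Get-MgDirectoryRole -Filter "displayName eq 'Directory Readers'"
    $isReader = $false
    if ($dirRole) {
        $isReader = [bool](Get-MgDirectoryRoleMember -DirectoryRoleId $dirRole.Id |
                           Where-Object { $_.Id -eq $caller.Id })
    }
    if ($isReader) { Write-Host "[ok]      caller holds Directory Readers" }
    else { Write-Warning "[missing] caller does not hold Directory Readers (assign it under Azure AD roles)" }
} else {
    Write-Warning "Microsoft.Graph module not loaded; skipping the Directory Readers check"
}
```

Run it once without `-Fix` to get a report, then with `-Fix` from an account that can create role assignments on the playbook resource group. The Directory Readers check only reports; directory roles are assigned in Azure AD, not through Azure RBAC, so the script does not try to grant that one. For the Lighthouse case in the answer, the `Microsoft Sentinel Automation Contributor` assignment for the service provider tenant's Azure Security Insights principal is made through the Lighthouse delegation rather than by `New-AzRoleAssignment` in the customer tenant, so this script only verifies, and cannot fix, that scenario.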