Thank you for your post!
Error Message:
The client 'ab...@tenant.onmicrosoft.com' with object id '....00' has an authorization with ABAC condition that is not fulfilled to perform action 'Microsoft.Authorization/roleAssignments/write' over scope ... or the scope is invalid...
From your error message, it seems like you are having trouble assigning a playbook to an automation rule in Azure Sentinel due to lack of permissions. The error is indicating that the user abeadmin doesn't have the necessary authorization to perform the action ../roleAssignments/write over the specified scope.
To resolve your issue, please ensure that the user (abeadmin) has the appropriate Microsoft Sentinel Automation Contributor role assigned at the resource group level where the playbook resides.
- For more info - Automate threat response with playbooks in Microsoft Sentinel - Azure roles for Microsoft Sentinel
If you aren't able to assign the Microsoft Sentinel Contributor role, please make sure you're using a user with the Owner role within the resource group to which you want to grant Microsoft Sentinel permissions.
Note: If you don't have the appropriate permissions to assign the appropriate RBAC roles, I'd recommend reaching out to an Owner or Contributor within your Subscription to get the appropriate roles assigned.
For more info - Incident creation automated response
Additional Links:
- Automate threat response with playbooks in Microsoft Sentinel - Permissions required
- Roles and permissions for working in Microsoft Sentinel
- Respond to incidents and alerts
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.