How to create an alert for azure storage account if there is data action permissions assigned to a custom role or a built in role

Question

How to create an alert for azure storage account if there is data action permissions assigned to a custom role or a built in role

Sahith Thatipalli 40

I want to create an alert using a Kusto query when a custom role is assigned data action permissions for azure storage account or a current role is modified with the data action permissions for the azure storage account

SwathiDhanwada-MSFT 19,088 Reputation points Moderator

2024-03-20T05:52:21.28+00:00

@Sahith Thatipalli Seems you have already raised a similar issue (https://learn.microsoft.com/en-us/answers/questions/1612748/i-am-trying-to-create-alert-when-someone-changes-t) in the past. Do you need further assistance on this ? Can you please elaborate on the issue you are facing when using the provided kusto query.
Sahith Thatipalli 40 Reputation points

2024-03-20T17:20:37.56+00:00

I have got the information
Sahith Thatipalli 40 Reputation points

2024-03-20T17:29:35.6+00:00

It's not actually a similar issue. the last question was regarding if any privileged roles (owner, contributor, user administrator, owner) are assigned alerts should be created. This question is regarding If any of the privileged role, which has the permissions to edit/assign the role assigns the data action permissions such as read/write blob to any other custom role then there should be an alert created.

Answer accepted by question author

0 additional answers

Your answer

SwathiDhanwada-MSFT 19,088 Reputation points Moderator

2024-03-20T05:52:21.28+00:00

@Sahith Thatipalli Seems you have already raised a similar issue (https://learn.microsoft.com/en-us/answers/questions/1612748/i-am-trying-to-create-alert-when-someone-changes-t) in the past. Do you need further assistance on this ? Can you please elaborate on the issue you are facing when using the provided kusto query.
Sahith Thatipalli 40 Reputation points

2024-03-20T17:20:37.56+00:00

I have got the information
Sahith Thatipalli 40 Reputation points

2024-03-20T17:29:35.6+00:00

It's not actually a similar issue. the last question was regarding if any privileged roles (owner, contributor, user administrator, owner) are assigned alerts should be created. This question is regarding If any of the privileged role, which has the permissions to edit/assign the role assigns the data action permissions such as read/write blob to any other custom role then there should be an alert created.

Answer 1

hossein jalilian 13,360 Volunteer Moderator

Thanks for posting your question in the Microsoft Q&A forum.

Here's an example query that demonstrates how to achieve this:

AzureActivity
| where ResourceProvider == "MICROSOFT.STORAGE"
| where Resource == "<YourStorageAccountName>"
| where OperationName == "Microsoft.Authorization/roleAssignments/write"

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful

Sahith Thatipalli 40 Reputation points

2024-03-22T17:15:36.0666667+00:00

Thanks for the response. But this one does not mention any data action permission in the query. is it possible to get an alert if a data action permissions of the blob has been a assigned to either a custom role or built in role.?

Share via

How to create an alert for azure storage account if there is data action permissions assigned to a custom role or a built in role

0 additional answers

Your answer