I was able to solve this by assigning the RBAC Reader role at the root level:
az role assignment create --assignee <assignee> --role Reader --scope "/"
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I'm getting the following error when querying the Azure Tenant Activity logs:
GET
https://management.azure.com/providers/Microsoft.Insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp ge '2024-03-19T12:00:00Z' and resourceUri eq '/providers/Microsoft.Authorization' and eventChannels eq 'Operation'
{
"error": {
"code": "AuthorizationFailed",
"message": "The client 'xxx' with object id 'xxx' does not have authorization to perform action 'Microsoft.Insights/eventtypes/values/read' over scope '/providers/Microsoft.Insights/eventtypes/management' or the scope is invalid. If access was recently granted, please refresh your credentials."
}
}
I´ve granted the user both Reader and Monitoring Reader RBAC role at the root management group level. To get the access token I´m using:
[https://login.microsoftonline.com/
I was able to solve this by assigning the RBAC Reader role at the root level:
az role assignment create --assignee <assignee> --role Reader --scope "/"
@Agustin Sabelli - Welcome to Microsoft Q&A and thanks for reaching out to us.
In order to query the Azure tenant activity logs, please assign the RBAC reader role at the root level.
az role assignment create --assignee <assignee> --role Reader --scope "/"
Hope this helps. and please feel free to reach out if you have any further questions.
Please don't forget to "Accept as Answer" and click "Yes" if the above response is helpful, so it can be beneficial to the community.