@a8ree1 The granular restriction with different workspaces is usually a better approach, in the sense of giving limited access to various users on the basis of different workspaces. However, in your case, for a central workspace for Log Analytics, you can definitely try custom roles.
To grant a user access to log data from their resources without being able to read security events and send data, perform the following:
1. Configure the workspace access control mode to use workspace or resource permissions.
2. Grant users the following permissions to their resources: Microsoft.Insights/logs/*/read.
3. Add the following NonAction to block users from reading the SecurityEvent type: Microsoft.Insights/logs/SecurityEvent/read.
The NonAction shall be in the same custom role as the action that provides the read permission (Microsoft.Insights/logs/*/read). If the user inherits the read action from another role that is assigned to this resource or to the subscription or resource group, they would be able to read all log types. This is also true if they inherit */read, which exists, for example, with the Reader or Contributor role.
Read more about the custom roles scenarios and implementations here
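The inheritance caveat in the answer above, as an added example that is not part of the original answer or any Microsoft tooling: a small Python model of how role assignments combine, showing that the exclusion only holds while no other assigned role grants the same read. Assumptions: the exclusion is written as `NotActions` (the property name in Azure role definitions), the role name and the Heartbeat table are constructed samples, and Reader is reduced to its `*/read` action.

```python
from fnmatch import fnmatchcase

def _matches(pattern, action):
    # Action strings are compared case-insensitively; '*' matches any run of characters.
    return fnmatchcase(action.lower(), pattern.lower())

def role_allows(role, action):
    """A single role grants an action if it matches Actions and no NotActions entry."""
    granted = any(_matches(p, action) for p in role["Actions"])
    excluded = any(_matches(p, action) for p in role.get("NotActions", []))
    return granted and not excluded

def effective_allow(assigned_roles, action):
    """Assignments are additive: one role that allows the action is enough."""
    return any(role_allows(r, action) for r in assigned_roles)

def regranting_roles(assigned_roles, blocked_action):
    """Names of assigned roles that give back an action another role excludes."""
    return [r["Name"] for r in assigned_roles if role_allows(r, blocked_action)]

# Custom role described in the answer (name is a constructed placeholder).
LOG_READER_NO_SECURITY = {
    "Name": "Log reader without SecurityEvent (example)",
    "Actions": ["Microsoft.Insights/logs/*/read"],
    "NotActions": ["Microsoft.Insights/logs/SecurityEvent/read"],
}
# Simplified stand-in for the built-in Reader role, which grants */read.
READER = {"Name": "Reader", "Actions": ["*/read"], "NotActions": []}

SECURITY_EVENT = "Microsoft.Insights/logs/SecurityEvent/read"
HEARTBEAT = "Microsoft.Insights/logs/Heartbeat/read"  # constructed sample table

if __name__ == "__main__":
    for roles in ([LOG_READER_NO_SECURITY], [LOG_READER_NO_SECURITY, READER]):
        print([r["Name"] for r in roles],
              "| SecurityEvent readable:", effective_allow(roles, SECURITY_EVENT),
              "| re-granted by:", regranting_roles(roles, SECURITY_EVENT))
```

Running the same check over a user's real assignments at resource, resource group and subscription scope shows which inherited role has to be removed or replaced before the exclusion takes effect.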