@Shashi Shailaj Thanks a lot for checking this out. I could resolve the issue by adding the roles 'Owner' and 'Logic app contributor' to my user in the resource group which contained the playbook I needed to run. Now the automation rules are getting saved properly.
Navigation :
- Go to the Resource Group which contains the playbook.
- Select Access Control(IAM) --> +Add --> Add Role Assignment
- In 'Role' tab in 'Add Role Assignment' window, select 'Owner' role. Click Next.
- In 'Members' tab, Assign access to 'User, group, or service principal'. Add the members who need to be assigned the role. Click Next.
- Select Review+Assign.
- Repeat the same for 'Logic app contributor' role.
Another point to check is if the playbook have permissions to be run by Azure Sentinel. To check this,
- Go to Azure Sentinel -> Configuration -> Settings -> Playbook permissions -> Configure Permissions
- Check 'Current permissions' tab to see if the resource group containing the playbook is listed. Else select the required resource groups in 'Browse' tab and select 'Apply'.
I have a suggestion here. Instead of displaying the "Analytics rule partially saved" notification at the end of saving the analytics rule, it would be great if the missing permissions are shown as notification/error while adding the playbooks in the 'Automated Response' Tab of the analytics rule. Thank you.