"Analytics rule partially saved" issue on adding automation rule

Anand R Menon 286 Reputation points
2021-10-20T10:04:22.397+00:00

In Azure Sentinel, I'm trying to add a new automation rule to an analytics rule wherein a playbook to send email notifications is triggered when a new incident related to the analytics rule is generated. But after successful validation of the analytics rule and saving it, the notification appears "Analytics rule partially saved". Then on checking the analytics rule again, the newly added automation rule is missing. Not sure if this is a bug or a configuration issue from my side. Please advise on this issue. The screenshots related to this have been attached.

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

Accepted answer
  1. Anand R Menon 286 Reputation points
    2021-10-21T19:28:16.687+00:00

    @Shashi Shailaj Thanks a lot for checking this out. I could resolve the issue by adding the roles 'Owner' and 'Logic app contributor' to my user in the resource group which contained the playbook I needed to run. Now the automation rules are getting saved properly.

    Navigation:

    1. Go to the Resource Group which contains the playbook.
    2. Select Access Control(IAM) --> +Add --> Add Role Assignment
    3. In 'Role' tab in 'Add Role Assignment' window, select 'Owner' role. Click Next.
    4. In 'Members' tab, Assign access to 'User, group, or service principal'. Add the members who need to be assigned the role. Click Next.
    5. Select Review+Assign.
    6. Repeat the same for 'Logic app contributor' role.

    Another point to check is if the playbook has permissions to be run by Azure Sentinel. To check this,

    1. Go to Azure Sentinel -> Configuration -> Settings -> Playbook permissions -> Configure Permissions
    2. Check 'Current permissions' tab to see if the resource group containing the playbook is listed. Else select the required resource groups in 'Browse' tab and select 'Apply'.

    I have a suggestion here. Instead of displaying the "Analytics rule partially saved" notification at the end of saving the analytics rule, it would be great if the missing permissions are shown as notification/error while adding the playbooks in the 'Automated Response' Tab of the analytics rule. Thank you.

    5 people found this answer helpful.
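
The two checks described in the accepted answer can be run before saving the rule. The following is an added example, not part of the original post: it reads role assignments in the shape returned by `az role assignment list --all -o json` and reports what is missing on the playbook's resource group. The sample data, user name and scopes are constructed, and the Sentinel role names are an assumption about how the 'Playbook permissions' setting appears as a role assignment.

```python
import json

# Roles the accepted answer gave the user on the playbook's resource group.
USER_ROLES = ("Owner", "Logic App Contributor")
# Assumption (not on the page): "Playbook permissions" shows up as this role
# assignment, under its current or its former (Azure Sentinel) name.
SENTINEL_ROLES = ("Microsoft Sentinel Automation Contributor",
                  "Azure Sentinel Automation Contributor")

def applies(assignment_scope, target_scope):
    """True when an assignment at assignment_scope is inherited by target_scope."""
    a = assignment_scope.rstrip("/").lower()
    t = target_scope.rstrip("/").lower()
    return a == "" or t == a or t.startswith(a + "/")

def missing_permissions(assignments, user, rg_scope):
    """List the role assignments still missing on the playbook resource group."""
    user_roles, all_roles = set(), set()
    for a in assignments:
        if not applies(a["scope"], rg_scope):
            continue  # assignment on another resource group or subscription
        role = a["roleDefinitionName"].lower()
        all_roles.add(role)
        if (a.get("principalName") or "").lower() == user.lower():
            user_roles.add(role)
    gaps = [f"{user}: {r}" for r in USER_ROLES if r.lower() not in user_roles]
    if not any(r.lower() in all_roles for r in SENTINEL_ROLES):
        gaps.append(f"Sentinel service: {SENTINEL_ROLES[0]}")
    return gaps

# Constructed sample: Owner on the right group, Logic App Contributor on the
# wrong one, and the Sentinel role inherited from the subscription.
SAMPLE = json.loads("""[
 {"principalName": "analyst@contoso.example", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/0000/resourceGroups/rg-playbooks"},
 {"principalName": "analyst@contoso.example",
  "roleDefinitionName": "Logic App Contributor",
  "scope": "/subscriptions/0000/resourceGroups/rg-other"},
 {"principalName": "constructed-service-principal",
  "roleDefinitionName": "Microsoft Sentinel Automation Contributor",
  "scope": "/subscriptions/0000"}
]""")
RG_SCOPE = "/subscriptions/0000/resourceGroups/rg-playbooks"

if __name__ == "__main__":
    for gap in missing_permissions(SAMPLE, "analyst@contoso.example", RG_SCOPE):
        print("missing:", gap)
```

Assignments made at management-group scope are not resolved by the prefix match, so those need to be checked separately.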
