Hello @Soumya Banerjee ,
Thanks for the question and using MS Q&A platform.
Yes, you can use Restricted view access policy to achieve it.
Note: Permissions in ADX/Kusto are given on a database level. Your options are:
- Use Row Level Security policy - Use group membership or execution context to control access to rows in a database table.
- Use Restricted Access policy - RestrictedViewAccess is an optional policy that can be enabled for tables of a database.
- Create a follower database that follows only the tables you want to share, and give them access to the follower database
how do I manage read rights as per the log-sources in Sentinel.
We recommend that you group the resources you are granting access for under a specific resource group created for the purpose.
If you can't, make sure that your team has log reader permissions directly to the resources you want them to access.
For more details, refer to Controlling access to Azure Sentinel Data: Resource RBAC and Manage access to Microsoft Sentinel data by resource
Hope this will help. Please let us know if any further queries.
------------------------------
- Please don't forget to click on or upvote button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
- Want a reminder to come back and check responses? Here is how to subscribe to a notification
- If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators