Ability to limit a group of users to only see certain columns in a particular table in Log Analytics/Sentinel

Johnny C.Y. Tang 41 Reputation points
2022-02-22T16:36:14.79+00:00

Hi,
I have a requirement to limit a particular group of users to only have access to view/query certain columns in a particular table (and nothing else) within a Log Analytics workspace or Sentinel.
Is it possible with RBAC and/or custom role?
Or do I have to basically upload another copy of the 'small' logs from syslog collector up to another log analytics workspace?

Thanks.

JT

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

Accepted answer
  1. Andrew Blumhardt 9,856 Reputation points Microsoft Employee
    2022-02-22T17:46:19.027+00:00

    Log Analytics only supports table-level RBAC. You can have a separate table as you mentioned. Maybe visualize the data in PowerBI.

    I think there may be some better alternatives coming later this year.

    https://learn.microsoft.com/en-us/azure/azure-monitor/logs/manage-access#table-level-rbac

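What the table-level granularity described in the answer looks like in a custom role, as an added example that is not part of the original answer. The role name, the subscription placeholder and the choice of the `Syslog` table are assumptions; the per-table action format is the one in the linked documentation.

```json
{
  "Name": "Example - Syslog table reader",
  "IsCustom": true,
  "Description": "Constructed example: query access to the Syslog table only. The permission path ends at the table name; there is no column-level segment.",
  "Actions": [
    "Microsoft.OperationalInsights/workspaces/read",
    "Microsoft.OperationalInsights/workspaces/query/read",
    "Microsoft.OperationalInsights/workspaces/query/Syslog/read"
  ],
  "NotActions": [],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>"
  ]
}
```

A role like this restricts access only if the same users hold no broader role that includes `*/read` (for example Reader or Log Analytics Reader) on the workspace, since that grants every table.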
