Right now I am trying to give a user rights to MS Sentinel to customize it but not give admin access to Azure. Here is what I have created so far, but I am still getting issues.
```json
{
  "properties": {
    "roleName": "MS Azure Sentinel",
    "description": "Azure Sentinel",
    "assignableScopes": [
      "/subscriptions/Subscriptionid"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.SecurityInsights/settings/read",
          "Microsoft.SecurityInsights/settings/write",
          "Microsoft.SecurityInsights/operations/read",
          "Microsoft.SecurityInsights/onboardingStates/read",
          "Microsoft.SecurityInsights/officeConsents/read",
          "Microsoft.SecurityInsights/Metadata/read",
          "Microsoft.SecurityInsights/incidents/comments/read",
          "Microsoft.SecurityInsights/incidents/relations/read",
          "Microsoft.SecurityInsights/incidents/tasks/read",
          "Microsoft.SecurityInsights/incidents/tasks/write",
          "Microsoft.SecurityInsights/incidents/read",
          "Microsoft.SecurityInsights/incidents/write",
          "Microsoft.SecurityInsights/hunts/relations/read",
          "Microsoft.SecurityInsights/hunts/relations/write",
          "Microsoft.SecurityInsights/hunts/comments/read",
          "Microsoft.SecurityInsights/hunts/comments/write",
          "Microsoft.SecurityInsights/hunts/read",
          "Microsoft.SecurityInsights/hunts/write",
          "Microsoft.SecurityInsights/entities/read",
          "Microsoft.SecurityInsights/entities/gettimeline/action",
          "Microsoft.SecurityInsights/entities/getInsights/action",
          "Microsoft.SecurityInsights/dataConnectors/read",
          "Microsoft.SecurityInsights/dataConnectors/write",
          "Microsoft.SecurityInsights/ContentPackages/write",
          "Microsoft.SecurityInsights/ContentPackages/read",
          "Microsoft.SecurityInsights/ConfidentialWatchlists/read",
          "Microsoft.SecurityInsights/ConfidentialWatchlists/write",
          "Microsoft.SecurityInsights/cases/investigations/read",
          "Microsoft.SecurityInsights/cases/investigations/write",
          "Microsoft.SecurityInsights/cases/comments/read",
          "Microsoft.SecurityInsights/cases/comments/write",
          "Microsoft.SecurityInsights/cases/read",
          "Microsoft.SecurityInsights/cases/write",
          "Microsoft.SecurityInsights/ContentTemplates/read",
          "Microsoft.SecurityInsights/entities/relations/read",
          "Microsoft.SecurityInsights/entities/relations/write",
          "Microsoft.SecurityInsights/entityQueries/read",
          "Microsoft.SecurityInsights/ExportConnections/read",
          "Microsoft.SecurityInsights/SourceControls/read",
          "Microsoft.SecurityInsights/enrichment/ip/geodata/read",
          "Microsoft.SecurityInsights/threatintelligence/read",
          "Microsoft.SecurityInsights/threatintelligence/write",
          "Microsoft.SecurityInsights/threatintelligence/query/action",
          "Microsoft.SecurityInsights/threatintelligence/metrics/action",
          "Microsoft.SecurityInsights/threatintelligence/bulkTag/action",
          "Microsoft.SecurityInsights/threatintelligence/createIndicator/action",
          "Microsoft.SecurityInsights/threatintelligence/queryIndicators/action",
          "Microsoft.SecurityInsights/threatintelligence/bulkactions/read",
          "Microsoft.SecurityInsights/threatintelligence/bulkactions/write",
          "Microsoft.SecurityInsights/threatintelligence/ingestionrulelist/read",
          "Microsoft.SecurityInsights/threatintelligence/ingestionrulelist/write",
          "Microsoft.SecurityInsights/threatintelligence/threatactors/read",
          "Microsoft.SecurityInsights/threatintelligence/threatactors/write",
          "Microsoft.SecurityInsights/threatintelligence/indicators/write",
          "Microsoft.SecurityInsights/threatintelligence/indicators/query/action",
          "Microsoft.SecurityInsights/threatintelligence/indicators/metrics/action",
          "Microsoft.SecurityInsights/threatintelligence/indicators/bulkTag/action",
          "Microsoft.SecurityInsights/threatintelligence/indicators/read",
          "Microsoft.SecurityInsights/threatintelligence/indicators/appendTags/action",
          "Microsoft.SecurityInsights/threatintelligence/indicators/replaceTags/action",
          "Microsoft.SecurityInsights/threatintelligence/metrics/read",
          "Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/read",
          "Microsoft.SecurityInsights/Watchlists/read",
          "Microsoft.SecurityInsights/Watchlists/write",
          "Microsoft.SecurityInsights/WorkspaceManagerAssignments/read",
          "Microsoft.SecurityInsights/workspaceManagerAssignments/jobs/read",
          "Microsoft.SecurityInsights/WorkspaceManagerConfigurations/read",
          "Microsoft.SecurityInsights/WorkspaceManagerGroups/read",
          "Microsoft.SecurityInsights/WorkspaceManagerMembers/read",
          "Microsoft.SecurityInsights/alertRules/read",
          "Microsoft.SecurityInsights/alertRules/write",
          "Microsoft.SecurityInsights/alertRules/actions/read",
          "Microsoft.SecurityInsights/alertRules/actions/write",
          "Microsoft.SecurityInsights/securityMLAnalyticsSettings/read",
          "Microsoft.SecurityInsights/securityMLAnalyticsSettings/write",
          "Microsoft.SecurityInsights/automationRules/read",
          "Microsoft.SecurityInsights/automationRules/write",
          "Microsoft.SecurityInsights/bookmarks/relations/read",
          "Microsoft.SecurityInsights/bookmarks/relations/write",
          "Microsoft.SecurityInsights/businessApplicationAgents/write",
          "Microsoft.SecurityInsights/businessApplicationAgents/read",
          "Microsoft.SecurityInsights/businessApplicationAgents/systems/read",
          "Microsoft.SecurityInsights/businessApplicationAgents/systems/write",
          "Microsoft.SecurityInsights/businessApplicationAgents/systems/listActions/action",
          "Microsoft.SecurityInsights/businessApplicationAgents/systems/reportActionStatus/action",
          "Microsoft.SecurityInsights/businessApplicationAgents/systems/undoAction/action"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
```
Please advise what I am missing in this IAM role.