azure logging rbac azure-log-analytics identity-management

Azure Log Analytics only allow access to one specific table


I'm trying to allow team members to view one specific table in a Log Analytics Workspace. I added the Table IAM role Reader for that specific user, but they couldn't access the workspace that way. Hence I added Reader to the workspace IAM, but that allows access to all tables.

Is there a way to allow someone access to Log Analytics but only query one table?


Solution

  • Azure Log Analytics only allow access to one specific table:

    To allow access to a specific table in a Log Analytics workspace, you can follow the steps detailed below.

    Refer to the "Set table-level read access" MS Doc.

    1. Go to your Log Analytics workspace >> Access Control (IAM) >> Roles as shown in the image below.

    2. It redirects you to the page below to create a custom role. Add the following under the actions[] block by clicking the Edit JSON option.

        "Microsoft.OperationalInsights/workspaces/read",
        "Microsoft.OperationalInsights/workspaces/query/read"

    Once it's done, click Save changes and the custom role will be created.

    After the above procedure, the new custom role will be visible under Access control (IAM) >> Roles.

    Now go to Access control (IAM) >> Add >> Add role assignment for the specific user or service principal according to your requirement.
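
An added example, not part of the original answer or of any Microsoft tooling: a small Python check of which tables a role's Actions would expose when the role is assigned at workspace scope, comparing the built-in Reader role from the question with the two-action custom role from the answer. It assumes Reader's only action is `*/read` and that per-table read is the operation `Microsoft.OperationalInsights/workspaces/query/<TableName>/read`; the table names, role name and scope placeholders are constructed.

```python
import json
from fnmatch import fnmatchcase

# The two actions from the answer above (workspace-level custom role).
CUSTOM_ROLE_ACTIONS = [
    "Microsoft.OperationalInsights/workspaces/read",
    "Microsoft.OperationalInsights/workspaces/query/read",
]
# Built-in Reader role: a single wildcard action (assumption stated in the lead-in).
READER_ACTIONS = ["*/read"]

def table_read_action(table):
    """Per-table read operation name (assumed form, see lead-in)."""
    return f"Microsoft.OperationalInsights/workspaces/query/{table}/read"

def grants(actions, not_actions, operation):
    """Azure RBAC style check: allowed if some Actions pattern matches and no
    NotActions pattern matches. '*' matches any run of characters, and the
    comparison is case-insensitive."""
    op = operation.lower()

    def hit(patterns):
        return any(fnmatchcase(op, p.lower()) for p in patterns)

    return hit(actions) and not hit(not_actions)

def readable_tables(actions, tables, not_actions=()):
    """Tables whose data the role exposes from its own Actions alone."""
    return [t for t in tables if grants(actions, not_actions, table_read_action(t))]

def role_definition(name, workspace_scope):
    """Role definition JSON in the shape `az role definition create` accepts."""
    return {
        "Name": name,
        "Description": "Open the workspace and run queries; no table data by itself.",
        "Actions": CUSTOM_ROLE_ACTIONS,
        "NotActions": [],
        "AssignableScopes": [workspace_scope],
    }

if __name__ == "__main__":
    tables = ["Heartbeat", "SecurityEvent", "AppTraces"]  # constructed sample names
    scope = ("/subscriptions/<subscription-id>/resourceGroups/<resource-group>"
             "/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>")
    print("Reader at workspace scope exposes:", readable_tables(READER_ACTIONS, tables))
    print("Custom role exposes:", readable_tables(CUSTOM_ROLE_ACTIONS, tables))
    print(json.dumps(role_definition("Log Analytics Query Only (example)", scope), indent=2))
```

The empty list for the custom role is the intended result: it only lets the user open the workspace and run queries, so table data has to come from the Reader assignment made on the table itself.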