AzRoleAdvertizer

last sync: 2025-Oct-20 17:22:40 UTC

Microsoft Sentinel Reader

Azure BuiltIn RBAC Role definition

NameMicrosoft Sentinel Reader
Microsoft Learn
Id8d289c81-5878-46d4-8554-54e1e3d8b5cb
DescriptionMicrosoft Sentinel Reader
CategorySecurity
Microsoft Learn
CreatedOn2019-08-28 16:58:50 UTC
UpdatedOn2022-08-01 18:55:21 UTC
Permissions summary Effective control plane and data plane operations: 997 (unique operations)
•: 1
•Action: 16
•Delete: 2
•read: 975
•Write: 3

Actions: 21
Resolved control plane operations from Actions: 999
Effective control plane operations: 997
•: 1
•Action: 16
•Delete: 2
•read: 975
•Write: 3

NotActions: 2
Resolved control plane operations from NotActions: 4
Effective denied control plane operations: 16370

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 4077
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Insights/myworkbooks/readno description given
Microsoft.Insights/workbooks/readRead a workbook
Microsoft.OperationalInsights/querypacks/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/analytics/query/actionSearch using new engine.
Microsoft.OperationalInsights/workspaces/dataSources/readGet data source under a workspace.
Microsoft.OperationalInsights/workspaces/LinkedServices/readGet linked services under given workspace.
Microsoft.OperationalInsights/workspaces/query/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/query/readRun queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/savedSearches/readGets a saved search query.
Microsoft.OperationsManagement/solutions/readGet exiting OMS solution
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readOttiene o elenca i gruppi di risorse.
Microsoft.Resources/templateSpecs/*/readwildcarded / no description
Microsoft.SecurityInsights/*/readwildcarded / no description
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/actionCheck user authorization and license
Microsoft.SecurityInsights/threatIntelligence/indicators/query/actionQuery Threat Intelligence Indicators
Microsoft.SecurityInsights/threatIntelligence/queryIndicators/actionQuery Threat Intelligence Indicators
Microsoft.Support/*wildcarded / no description
NotActions
Operation Description
Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*wildcarded / no description
Microsoft.SecurityInsights/ConfidentialWatchlists/*wildcarded / no description
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2022-08-02 16:33:17 change: NotActions NotActions: 'add Microsoft.SecurityInsights/ConfidentialWatchlists/*; add Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*'
2022-05-09 16:29:26 change: DisplayName, Description, Actions New DisplayName: 'Microsoft Sentinel Reader'
Old DisplayName: 'Azure Sentinel Reader',
New Description: 'Microsoft Sentinel Reader'
Old Description: 'Azure Sentinel Reader',
Actions: 'add Microsoft.Resources/templateSpecs/*/read'
2021-08-05 14:48:34 change: Actions Actions: 'add Microsoft.OperationalInsights/querypacks/*/read'
2020-11-04 15:39:11 change: Actions Actions: 'add Microsoft.Insights/myworkbooks/read'
JSON
api-version=2023-07-01-preview
Condition none