Mike Grimwade
How can I use kusto to show which permissions are being used by which users on the data plane

We are trying to analyze which Azure permissions are being used by which users, so that we can trim our custom roles back to only include permissions that are being used.

We have configured all of our Azure resources to send all logs and metrics to a Log Analytics Workspace.

As I understand it, any management plane actions are pushed into the AzureActivity table while any actions on the data plane are pushed into the AzureDiagnostics table.

From the AzureActivity table (in OperationNameValue field) we can see when users are performing actions like

MICROSOFT.INSIGHTS/DIAGNOSTICSETTINGS/WRITE

This is exactly what we need: we can use it to ensure the custom RBAC role includes that permission.

However, in the AzureDiagnostics table we can only pull the OperationName field, which returns values such as:

ListPrivateEndpointConnections, VaultGet, SecretSet, SecretGet

How can we map these across to the permissions associated with the DataActions?

For example, "SecretGet" requires "Microsoft.KeyVault/vaults/secrets/getSecret/action".

Upvotes: 0

Views: 365
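One way to approach the mapping described in the question, as an added example rather than anything the poster wrote: maintain a hand-built lookup from data-plane OperationName values to DataActions, join it to AzureDiagnostics, and union the result with AzureActivity (where OperationNameValue already is the RBAC action) to get one per-user list of permissions actually exercised. Only the SecretGet row of the lookup comes from the question; the SecretSet row, the 30-day window and the success-only filters are assumptions, and the identity_claim_..._upn_s column is the standard Key Vault AuditEvent schema in AzureDiagnostics.

```kusto
// Added example: constructed lookup table, extend it per resource provider.
// Only the SecretGet row is from the question; SecretSet is an assumed mapping.
let OperationToDataAction = datatable(ResourceProvider:string, OperationName:string, DataAction:string)
[
    "MICROSOFT.KEYVAULT", "SecretGet", "Microsoft.KeyVault/vaults/secrets/getSecret/action",
    "MICROSOFT.KEYVAULT", "SecretSet", "Microsoft.KeyVault/vaults/secrets/setSecret/action"
];
// Data plane: Key Vault audit events, caller taken from the UPN claim of the token.
// Only successful calls count: a denied call proves an attempt, not a permission in use.
let DataPlane = AzureDiagnostics
| where TimeGenerated > ago(30d)
| where ResourceProvider == "MICROSOFT.KEYVAULT" and Category == "AuditEvent"
| where ResultSignature == "OK"
| extend Caller = tostring(identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s)
| lookup kind=leftouter OperationToDataAction on ResourceProvider, OperationName
// Unmapped operations are kept and flagged so the lookup table can be completed.
| extend Permission = coalesce(DataAction, strcat("UNMAPPED:", OperationName)), Plane = "data"
| project TimeGenerated, Caller, Permission, Plane;
// Management plane: OperationNameValue is already the control-plane RBAC action.
let ManagementPlane = AzureActivity
| where TimeGenerated > ago(30d)
| where ActivityStatusValue == "Success"
| project TimeGenerated, Caller, Permission = OperationNameValue, Plane = "management";
// One row per caller and permission; anything absent here is a candidate for removal from the custom role.
DataPlane
| union ManagementPlane
| summarize Count = count(), LastUsed = max(TimeGenerated) by Caller, Plane, Permission
| order by Caller asc, Count desc
```

Rows whose Permission starts with UNMAPPED: show which OperationName values still need a DataAction entry in the lookup table.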

Answers (0)