AZSentinel
Needed RBAC roles to create additional alert types
We created a SP with Contributor rights and Azure Sentinel Contributor rights.
When we use the SP to create alert rules of type Fusion or MicrosoftSecurityIncidentCreation or MLBehaviorAnalytics, we get the following error:

Unable to invoke webrequest with error message: The client '' with object id '' does not have authorization to perform action 'Microsoft.SecurityInsights/alertRules/write' over scope '/subscriptions//resourceGroups//providers/Microsoft.OperationalInsights/workspaces//providers/Microsoft.SecurityInsights/alertRules/*************' or the scope is invalid. If access was recently granted, please refresh your credentials.
##[error]PowerShell exited with code '1'.

Does the SP need some additional roles?