If you are just getting started with Sentinel take a look at the below reference to common roles required for creating Sentinel and integrating Microsoft data sources.
For a complete list of roles refer to Microsoft Sentinel roles and allowed actions Mitigate risk to high privileged roles by leveraging Azure AD Privileged Identity Management
Deploying Sentinel
At minimum these are required on the resource group where Sentinel will be created.
Additional Role Considerations
Although it's not listed in the official docs, this will ensure you have full rights to manage the log analytics workspace.
Connecting Azure Activity Logs
- Azure Owner role on relevant Subscriptions or Owner role at the relevant management group
Enabling UEBA and Connecting Azure AD Logs
- Azure AD Global Admin or Azure AD Security Administrator
Connecting Microsoft 365 Defender
- Azure AD Security Administrator
Connecting Defender for Cloud
- Azure Security Reader Role on all Azure Subscriptions
- Azure Contributor or Security Admin role on all Azure Subscriptions
Connecting Office 365
- Azure AD Global Admin or Azure AD Security Administrator