rspec/rules/S6385/description.adoc

Defining a custom role for a Subscription or a Management group that allows all actions will give them the same capabilities as the built-in Owner role.
It's recommended to limit the number of subscription owners in order to mitigate the risk of being breached by a compromised owner.

This rule raises an issue when a custom role has an assignable scope set to a Subscription or a Management Group and allows all actions (``++*++``)
¨
Create rule S6385: add language AzureResourceManager (#1829) You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S6385/azureresourcemanager) (updated a few minutes after each push). --------- Co-authored-by: rudy-regazzoni-sonarsource <rudy-regazzoni-sonarsource@users.noreply.github.com> Co-authored-by: Rudy Regazzoni <rudy.regazzoni@sonarsource.com> 2023-05-12 09:02:37 +02:00			`Defining a custom role for a Subscription or a Management group that allows all actions will give them the same capabilities as the built-in Owner role.`
Create rule S6385[terraform]: Azure custom roles should not grant subscription Owner capabilities (#603) * Create rule S6385 * Add rule description * Apply suggestions from code review Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com> * Update rules/S6385/see.adoc Fix CWE link * Update rules/S6385/see.adoc Fix CWE link * Add missing azure tag Co-authored-by: pierre-loup-tristant-sonarsource <pierre-loup-tristant-sonarsource@users.noreply.github.com> Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com> Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com> Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com> 2022-01-03 15:07:46 +00:00			`It's recommended to limit the number of subscription owners in order to mitigate the risk of being breached by a compromised owner.`

Create rule S6385: add language AzureResourceManager (#1829) You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S6385/azureresourcemanager) (updated a few minutes after each push). --------- Co-authored-by: rudy-regazzoni-sonarsource <rudy-regazzoni-sonarsource@users.noreply.github.com> Co-authored-by: Rudy Regazzoni <rudy.regazzoni@sonarsource.com> 2023-05-12 09:02:37 +02:00			This rule raises an issue when a custom role has an assignable scope set to a Subscription or a Management Group and allows all actions (``++*++``)
			`¨`