rspec/rules/S6381/ask-yourself.adoc

== Ask Yourself Whether

* The user, group, or service principal doesn't use the entirety of this extensive set of permissions to operate on a day-to-day basis.
* It is possible to follow the Separation of Duties principle and split permissions between multiple users, but it's not enforced.
There is a risk if you answered yes to any of these questions.
Create rule S6381[terraform]: Assigning high privileges Azure Resource Manager built-in roles is security-sensitive (#583) * Create rule S6381 * Add rule description * Apply suggestions from code review Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com> Co-authored-by: pierre-loup-tristant-sonarsource <pierre-loup-tristant-sonarsource@users.noreply.github.com> Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com> Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com> Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com> 2021-12-29 08:22:27 +00:00			`== Ask Yourself Whether`

			`* The user, group, or service principal doesn't use the entirety of this extensive set of permissions to operate on a day-to-day basis.`
			`* It is possible to follow the Separation of Duties principle and split permissions between multiple users, but it's not enforced.`
			`There is a risk if you answered yes to any of these questions.`