rspec/rules/S6379/description.adoc

Enabling Azure resource-specific admin accounts can reduce an organization's ability to protect itself against account or service account thefts.

Full Administrator permissions fail to correctly separate duties and create potentially critical attack vectors on the impacted resources.

In case of abuse of elevated permissions, both the data on which impacted resources operate and their access traceability are at risk.
Create rule S6379: Add language AzureResourceManager (APPSEC-776) (#2242) [Specification ticket](https://sonarsource.atlassian.net/browse/APPSEC-776) [Implementation ticket](https://sonarsource.atlassian.net/browse/SONARIAC-885) [RSPEC Preview](https://sonarsource.github.io/rspec/#/rspec/S6379/azureresourcemanager) PR for adding Bicep code examples https://github.com/SonarSource/rspec/pull/2244 ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: pierre-loup-tristant-sonarsource <pierre-loup-tristant-sonarsource@users.noreply.github.com> Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> 2023-08-02 15:18:05 +02:00			`Enabling Azure resource-specific admin accounts can reduce an organization's ability to protect itself against account or service account thefts.`

			`Full Administrator permissions fail to correctly separate duties and create potentially critical attack vectors on the impacted resources.`

			`In case of abuse of elevated permissions, both the data on which impacted resources operate and their access traceability are at risk.`