e0f375b62c
You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S6381/azureresourcemanager) (updated a few minutes after each push). --------- Co-authored-by: rudy-regazzoni-sonarsource <rudy-regazzoni-sonarsource@users.noreply.github.com> Co-authored-by: Rudy Regazzoni <rudy.regazzoni@sonarsource.com>
11 lines
603 B
Plaintext
11 lines
603 B
Plaintext
Azure Resource Manager offers built-in roles that can be assigned to users, groups, or service principals.
|
|
Some of these roles should be carefully assigned as they grant sensitive permissions like the ability to reset passwords for all users.
|
|
|
|
An Azure account that fails to limit the use of such roles has a higher risk of being breached by a compromised owner.
|
|
|
|
This rule raises an issue when one of the following roles is assigned:
|
|
|
|
* Contributor (b24988ac-6180-42a0-ab88-20f7382dd24c)
|
|
* Owner (8e3af657-a8ff-443c-a75c-2fe8c4bcb635)
|
|
* User Access Administrator (18d7d88d-d35e-4fb5-a5c3-7773c20a72d9)
|