You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S6385/azureresourcemanager) (updated a few minutes after each push). --------- Co-authored-by: rudy-regazzoni-sonarsource <rudy-regazzoni-sonarsource@users.noreply.github.com> Co-authored-by: Rudy Regazzoni <rudy.regazzoni@sonarsource.com>
5 lines
436 B
Plaintext
Defining a custom role for a Subscription or a Management group that allows all actions gives anyone assigned that role the same capabilities as the built-in Owner role.
It's recommended to limit the number of subscription owners in order to mitigate the risk of being breached by a compromised owner.
This rule raises an issue when a custom role has an assignable scope set to a Subscription or a Management Group and allows all actions (``++*++``).
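A minimal check in the spirit of this rule, as an added example (not SonarSource's analyzer code): it scans the `Microsoft.Authorization/roleDefinitions` resources of an ARM template and reports custom roles that allow `*` with a subscription or management group among the assignable scopes. The scope patterns, the names `find_owner_like_roles` and `_role`, and the sample template are assumptions constructed for illustration.

```python
import json
import re

ROLE_TYPE = "microsoft.authorization/roledefinitions"
# Assumption: broad scopes appear in one of these literal forms.
BROAD_SCOPE = re.compile(
    r"^(\[subscription\(\)\.id\]|\[managementGroup\(\)\.id\]"
    r"|/subscriptions/[^/]+/?"
    r"|/providers/Microsoft\.Management/managementGroups/[^/]+/?)$",
    re.IGNORECASE,
)

def find_owner_like_roles(template_text):
    """Return the names of custom roles that allow "*" at a broad scope."""
    findings = []
    for res in json.loads(template_text).get("resources", []):
        if res.get("type", "").lower() != ROLE_TYPE:
            continue
        props = res.get("properties", {})
        # "*" must be listed as an action itself; "*/read" does not count.
        all_actions = any("*" in p.get("actions", [])
                          for p in props.get("permissions", []))
        broad = any(BROAD_SCOPE.match(s.strip())
                    for s in props.get("assignableScopes", []))
        if all_actions and broad:
            findings.append(props.get("roleName", "<unnamed>"))
    return findings

def _role(name, actions, scopes):
    # Builds one constructed roleDefinitions resource for the sample template.
    return {
        "type": "Microsoft.Authorization/roleDefinitions",
        "apiVersion": "2022-04-01",
        "name": "[guid('%s')]" % name,
        "properties": {
            "roleName": name,
            "permissions": [{"actions": actions, "notActions": []}],
            "assignableScopes": scopes,
        },
    }

# Constructed sample: only the first role matches the rule.
SAMPLE = json.dumps({"resources": [
    _role("all-actions-subscription", ["*"], ["[subscription().id]"]),
    _role("all-actions-resource-group", ["*"], ["[resourceGroup().id]"]),
    _role("reader-management-group", ["*/read"], ["[managementGroup().id]"]),
]})

if __name__ == "__main__":
    print(find_owner_like_roles(SAMPLE))
```

Scopes built from template parameters or variables are not resolved by this check and would need to be evaluated before matching.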