f55da18555
* Create rule S6381 * Add rule description * Apply suggestions from code review Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com> Co-authored-by: pierre-loup-tristant-sonarsource <pierre-loup-tristant-sonarsource@users.noreply.github.com> Co-authored-by: Pierre-Loup Tristant <pierre-loup.tristant@sonarsource.com> Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com> Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com>
11 lines
486 B
Plaintext
11 lines
486 B
Plaintext
Azure Resource Manager offers built-in roles that can be assigned to users, groups, or service principals.
|
|
Some of these roles should be carefully assigned as they grant sensitive permissions like the ability to reset passwords for all users.
|
|
|
|
An Azure account that fails to limit the use of such roles has a higher risk of being breached by a compromised owner.
|
|
|
|
This rule raises an issue when one of the following roles is assigned:
|
|
|
|
* Contributor
|
|
* Owner
|
|
* User Access Administrator
|