last sync: 2025-Jul-02 18:12:24 UTC

Deny custom roles with exclusionlist

Community Policy definition

Source Repository: Community-Policy GitHub
Display name: Deny custom roles with exclusionlist
Id: 4eaae358-7df4-4338-ae26-c4547ebe9403
Version: 1.0.0
Category: Authorization
Description: This policy will audit or deny the creation of RBAC custom roles, excluding specified role definition names.
Mode: All
Type: Custom Community
Effect (default): Audit
Effect (allowed): Deny, Audit, Disabled
RBAC role(s): none
Rule aliases IF (2):
Alias | Namespace | ResourceType | Path | PathIsDefault | DefaultPath | Modifiable
Microsoft.Authorization/roleDefinitions/roleName | Microsoft.Authorization | roleDefinitions | properties.roleName | True | | False
Microsoft.Authorization/roleDefinitions/type | Microsoft.Authorization | roleDefinitions | properties.type | True | | False

Rule resource types IF (1):
Microsoft.Authorization/roleDefinitions