Json |
{
"properties": {
"displayName": "[Preview]: Azure Data Factory linked service resource type should be in allow list",
"policyType": "BuiltIn",
"mode": "All",
"description": "Define the allow list of Azure Data Factory linked service types. Restricting allowed resource types enables control over the boundary of data movement. For example, restrict a scope to only allow blob storage with Data Lake Storage Gen1 and Gen2 for analytics or a scope to only allow SQL and Kusto access for real-time queries.",
"metadata": {
"version": "1.0.0-preview",
"category": "Data Factory",
"preview": true
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "[Preview]: Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
},
"allowedLinkedServiceResourceTypes": {
"type": "Array",
"metadata": {
"displayName": "[Preview]: Allowed linked service resource types",
"description": "The list of allowed linked service resource types."
},
"allowedValues": [
"AdlsGen2CosmosStructuredStream",
"AdobeExperiencePlatform",
"AdobeIntegration",
"AmazonRedshift",
"AmazonS3",
"AzureBlobFS",
"AzureBlobStorage",
"AzureDataExplorer",
"AzureDataLakeStore",
"AzureDataLakeStoreCosmosStructuredStream",
"AzureDataShare",
"AzureFileStorage",
"AzureKeyVault",
"AzureMariaDB",
"AzureMySql",
"AzurePostgreSql",
"AzureSearch",
"AzureSqlDatabase",
"AzureSqlDW",
"AzureSqlMI",
"AzureTableStorage",
"Cassandra",
"CommonDataServiceForApps",
"CosmosDb",
"CosmosDbMongoDbApi",
"Db2",
"DynamicsCrm",
"FileServer",
"FtpServer",
"GitHub",
"GoogleCloudStorage",
"Hdfs",
"Hive",
"HttpServer",
"Informix",
"Kusto",
"MicrosoftAccess",
"MySql",
"Netezza",
"Odata",
"Odbc",
"Office365",
"Oracle",
"PostgreSql",
"Salesforce",
"SalesforceServiceCloud",
"SapBw",
"SapHana",
"SapOpenHub",
"SapTable",
"Sftp",
"SharePointOnlineList",
"Snowflake",
"SqlServer",
"Sybase",
"Teradata",
"HDInsightOnDemand",
"HDInsight",
"AzureDataLakeAnalytics",
"AzureBatch",
"AzureFunction",
"AzureML",
"AzureMLService",
"MongoDb",
"GoogleBigQuery",
"Impala",
"ServiceNow",
"Dynamics",
"AzureDatabricks",
"AmazonMWS",
"SapCloudForCustomer",
"SapEcc",
"Web",
"MongoDbAtlas",
"HBase",
"Spark",
"Phoenix",
"PayPal",
"Marketo",
"Responsys",
"SalesforceMarketingCloud",
"Presto",
"Square",
"Xero",
"Jira",
"Magento",
"Shopify",
"Concur",
"Hubspot",
"Zoho",
"Eloqua",
"QuickBooks",
"Couchbase",
"Drill",
"Greenplum",
"MariaDB",
"Vertica",
"MongoDbV2",
"OracleServiceCloud",
"GoogleAdWords",
"RestService",
"DynamicsAX",
"AzureDataCatalog",
"AzureDatabricksDeltaLake"
]
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.DataFactory/factories/linkedservices"
},
{
"field": "Microsoft.DataFactory/factories/linkedservices/type",
"notIn": "[parameters('allowedLinkedServiceResourceTypes')]"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/6809a3d0-d354-42fb-b955-783d207c62a8",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "6809a3d0-d354-42fb-b955-783d207c62a8"
}
|