last sync: 2021-Jul-26 15:31:58 UTC

Azure Policy definition

[Preview]: Azure Data Factory linked service resource type should be in allow list

Name [Preview]: Azure Data Factory linked service resource type should be in allow list
Id 6809a3d0-d354-42fb-b955-783d207c62a8
Version 1.0.0-preview
Category Data Factory
Description Define the allow list of Azure Data Factory linked service types. Restricting allowed resource types enables control over the boundary of data movement. For example, restrict a scope to only allow blob storage with Data Lake Storage Gen1 and Gen2 for analytics or a scope to only allow SQL and Kusto access for real-time queries.
Mode All
Type BuiltIn
Preview True
Deprecated FALSE
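Effect Default: Audit (with this default, linked services whose type is outside the allow list are reported as non-compliant but are still created; the allow list is only enforced when the policy is assigned with Deny)
Allowed: (Audit, Deny, Disabled)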
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-02-10 14:43:58 add 6809a3d0-d354-42fb-b955-783d207c62a8
Used in Initiatives none
JSON
{
  "properties": {
  "displayName": "[Preview]: Azure Data Factory linked service resource type should be in allow list",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Define the allow list of Azure Data Factory linked service types. Restricting allowed resource types enables control over the boundary of data movement. For example, restrict a scope to only allow blob storage with Data Lake Storage Gen1 and Gen2 for analytics or a scope to only allow SQL and Kusto access for real-time queries.",
    "metadata": {
      "version": "1.0.0-preview",
      "category": "Data Factory",
      "preview": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      },
      "allowedLinkedServiceResourceTypes": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed linked service resource types",
          "description": "The list of allowed linked service resource types."
        },
        "allowedValues": [
          "AdlsGen2CosmosStructuredStream",
          "AdobeExperiencePlatform",
          "AdobeIntegration",
          "AmazonRedshift",
          "AmazonS3",
          "AzureBlobFS",
          "AzureBlobStorage",
          "AzureDataExplorer",
          "AzureDataLakeStore",
          "AzureDataLakeStoreCosmosStructuredStream",
          "AzureDataShare",
          "AzureFileStorage",
          "AzureKeyVault",
          "AzureMariaDB",
          "AzureMySql",
          "AzurePostgreSql",
          "AzureSearch",
          "AzureSqlDatabase",
          "AzureSqlDW",
          "AzureSqlMI",
          "AzureTableStorage",
          "Cassandra",
          "CommonDataServiceForApps",
          "CosmosDb",
          "CosmosDbMongoDbApi",
          "Db2",
          "DynamicsCrm",
          "FileServer",
          "FtpServer",
          "GitHub",
          "GoogleCloudStorage",
          "Hdfs",
          "Hive",
          "HttpServer",
          "Informix",
          "Kusto",
          "MicrosoftAccess",
          "MySql",
          "Netezza",
          "Odata",
          "Odbc",
          "Office365",
          "Oracle",
          "PostgreSql",
          "Salesforce",
          "SalesforceServiceCloud",
          "SapBw",
          "SapHana",
          "SapOpenHub",
          "SapTable",
          "Sftp",
          "SharePointOnlineList",
          "Snowflake",
          "SqlServer",
          "Sybase",
          "Teradata",
          "HDInsightOnDemand",
          "HDInsight",
          "AzureDataLakeAnalytics",
          "AzureBatch",
          "AzureFunction",
          "AzureML",
          "AzureMLService",
          "MongoDb",
          "GoogleBigQuery",
          "Impala",
          "ServiceNow",
          "Dynamics",
          "AzureDatabricks",
          "AmazonMWS",
          "SapCloudForCustomer",
          "SapEcc",
          "Web",
          "MongoDbAtlas",
          "HBase",
          "Spark",
          "Phoenix",
          "PayPal",
          "Marketo",
          "Responsys",
          "SalesforceMarketingCloud",
          "Presto",
          "Square",
          "Xero",
          "Jira",
          "Magento",
          "Shopify",
          "Concur",
          "Hubspot",
          "Zoho",
          "Eloqua",
          "QuickBooks",
          "Couchbase",
          "Drill",
          "Greenplum",
          "MariaDB",
          "Vertica",
          "MongoDbV2",
          "OracleServiceCloud",
          "GoogleAdWords",
          "RestService",
          "DynamicsAX",
          "AzureDataCatalog",
          "AzureDatabricksDeltaLake"
        ]
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DataFactory/factories/linkedservices"
          },
          {
            "field": "Microsoft.DataFactory/factories/linkedservices/type",
          "notIn": "[parameters('allowedLinkedServiceResourceTypes')]"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/6809a3d0-d354-42fb-b955-783d207c62a8",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "6809a3d0-d354-42fb-b955-783d207c62a8"
}