last sync: 2025-May-09 17:30:01 UTC

Deploy or audit for a specific role assignment at the subscription scope

Community Policy definition

Source: Repository Community-Policy GitHub
JSON: Community-Policy GitHub
Display name: Deploy or audit for a specific role assignment at the subscription scope
Id: 7700791c-4631-45b6-9880-3a493d1827a5
Version: 1.0.0
Category: Authorization
Description: This policy will validate that a specific role assignment exists or not. It can either audit for the role assignment or deploy it if it does not exist.
Mode: All
Type: Custom Community
Effect:
  Default: DeployIfNotExists
  Allowed: DeployIfNotExists, AuditIfNotExists, Disabled
RBAC role(s):
  Role Name: Owner
  Role Id: 8e3af657-a8ff-443c-a75c-2fe8c4bcb635
Rule aliases: THEN-ExistenceCondition (2)
  Alias: Microsoft.Authorization/roleAssignments/principalId
    Namespace: Microsoft.Authorization
    ResourceType: roleAssignments
    Path: properties.principalId
    PathIsDefault: True
    DefaultPath: (empty)
    Modifiable: False
  Alias: Microsoft.Authorization/roleAssignments/roleDefinitionId
    Namespace: Microsoft.Authorization
    ResourceType: roleAssignments
    Path: properties.roleDefinitionId
    PathIsDefault: True
    DefaultPath: (empty)
    Modifiable: False
Rule resource types:
  IF (1): Microsoft.Resources/subscriptions
  THEN-Deployment (2): Microsoft.Authorization/roleAssignments, Microsoft.Authorization/roleDefinitions