last sync: 2023-Jun-19 17:45:01 UTC

Community Policy definition

Deploy or audit for a specific role assignment at the subscription scope

Name: Deploy or audit for a specific role assignment at the subscription scope
Id: 920965ec-47a1-4db9-b85c-8612be3a081f
Version: 1.0.0
Category: Authorization
Description: This policy will validate that a specific role assignment exists or not. It can either audit for the role assignment or deploy it if it does not exist.
Mode: All
Type: Custom Community
Effect (default): AuditIfNotExists
Effect (allowed): AuditIfNotExists, DeployIfNotExists, Disabled
Used RBAC Role:
  Role Name: Owner
  Role Id: 8e3af657-a8ff-443c-a75c-2fe8c4bcb635
Rule Aliases, THEN-ExistenceCondition (2):
  Alias: Microsoft.Authorization/roleAssignments/principalId
    Namespace: Microsoft.Authorization
    ResourceType: roleAssignments
    DefaultPath: properties.principalId
    Modifiable: false
  Alias: Microsoft.Authorization/roleAssignments/roleDefinitionId
    Namespace: Microsoft.Authorization
    ResourceType: roleAssignments
    DefaultPath: properties.roleDefinitionId
    Modifiable: false
Rule ResourceTypes:
  IF (1):
    Microsoft.Resources/subscriptions
  THEN-Deployment (2):
    Microsoft.Authorization/roleAssignments
    Microsoft.Authorization/roleDefinitions