last sync: 2021-Jan-25 16:07:05 UTC

Azure Policy definition

All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace

Name All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace
Id a1817ec0-a368-432a-8057-8371e17ac6ee
Version 1.0.1
Category Service Bus
Description Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you should create access policies at the entity level for queues and topics to provide access to only the specific entity
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit; Allowed: Audit, Deny, Disabled
Used RBAC Role none
History none
Used in Initiatives
Initiative DisplayName: [Preview]: Motion Picture Association of America (MPAA)
Initiative Id: 92646f03-e39d-47a9-9e24-58d60ef49af8
Initiative Category: Regulatory Compliance
State: Preview
Json
{
  "properties": {
    "displayName": "All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you should create access policies at the entity level for queues and topics to provide access to only the specific entity",
    "metadata": {
      "version": "1.0.1",
      "category": "Service Bus"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "The effect determines what happens when the policy rule is evaluated to match"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.ServiceBus/namespaces/authorizationRules"
          },
          {
            "field": "name",
            "notEquals": "RootManageSharedAccessKey"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "a1817ec0-a368-432a-8057-8371e17ac6ee"
}