last sync: 2020-Jul-15 14:17:33 UTC

Azure Policy

All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace

Policy DisplayName All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace
Policy Id a1817ec0-a368-432a-8057-8371e17ac6ee
Policy Category Service Bus
Policy Description Service Bus clients should not use a namespace-level access policy that provides access to all queues and topics in a namespace. To align with the least-privilege security model, you should create access policies at the entity level for queues and topics to provide access to only the specific entity.
Policy Mode All
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
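Policy Effect Default: Audit
Allowed: (Audit,Deny,Disabled)
With the default Audit effect, matching authorization rules are only reported as non-compliant. When the policy is assigned with Deny, requests to create or update a matching rule are rejected, but rules that already exist are still only flagged and have to be removed separately.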
Roles used none
Policy Changes no changes
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
[Preview]: Motion Picture Association of America (MPAA) 92646f03-e39d-47a9-9e24-58d60ef49af8
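Policy Rule
The rule matches resources of type Microsoft.ServiceBus/namespaces/authorizationRules whose name is not RootManageSharedAccessKey. The match is by name only, so RootManageSharedAccessKey is never evaluated by this policy. That namespace-wide rule stays in place, and control over who holds its keys and when they are rotated has to come from elsewhere.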
{
  "properties": {
    "displayName": "All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Service Bus clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you should create access policies at the entity level for queues and topics to provide access to only the specific entity",
    "metadata": {
      "version": "1.0.1",
      "category": "Service Bus"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "The effect determines what happens when the policy rule is evaluated to match"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.ServiceBus/namespaces/authorizationRules"
          },
          {
            "field": "name",
            "notEquals": "RootManageSharedAccessKey"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "a1817ec0-a368-432a-8057-8371e17ac6ee"
}