| Name | Allowed Role Definitions For Specific Principal IDs Community-Policy GitHub |
||||||||||
| Id | allowed-role-definitions-for-specific-principal-ids | ||||||||||
| Version | n/a details on versioning |
||||||||||
| Category | undefined Microsoft docs |
||||||||||
| Description | This policy defines an allow list of role definitions that can be assigned to specific Principal IDs in IAM. This is useful in the example where you don't want an SPN having it's rights elevated. | ||||||||||
| Mode | All | ||||||||||
| Type | Custom Community | ||||||||||
| Effect | Default Deny Allowed Deny, Disabled |
||||||||||
| Used RBAC Role | none | ||||||||||
| Rule Aliases | IF (1)
|
||||||||||
| Rule ResourceTypes | IF (1) Microsoft.Authorization/roleAssignments |
||||||||||
| JSON |
|