AzPolicyAdvertizer

last sync: 2025-Jun-13 17:23:19 UTC

Kubernetes clusters should minimize wildcard use in role and cluster role

Azure BuiltIn Policy definition

Source Azure Portal
Display name Kubernetes clusters should minimize wildcard use in role and cluster role
Id ca8d5704-aa2b-40cf-b110-dc19052825ad
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 2
1.1.0
1.0.0
Built-in Versioning [Preview]
Category Kubernetes
Microsoft Learn
Description Using wildcards '*' can be a security risk because it grants broad permissions that may not be necessary for a specific role. If a role has too many permissions, it could potentially be abused by an attacker or compromised user to gain unauthorized access to resources in the cluster.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.0.0'
Repository: Azure-Policy ca8d5704-aa2b-40cf-b110-dc19052825ad
Mode Microsoft.Kubernetes.Data
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: Kubernetes cluster should follow the security control recommendations of Center for Internet Security (CIS) Kubernetes benchmark 4fd005fd-51be-478f-a8fb-149d48b20d48 Kubernetes Preview BuiltIn true
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-08-09 18:17:47 change Minor (1.0.0 > 1.1.0)
2023-11-14 18:14:48 add ca8d5704-aa2b-40cf-b110-dc19052825ad
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC