Control: Azure > CIS v4.0 > 06 - Identity Services > 06.03 - Periodic Identity Reviews > 06.03.03 - Ensure that use of the 'User Access Administrator' role is restricted
Configures auditing against a CIS Benchmark item.
Level: 1
The User Access Administrator role grants the ability to view all resources and manage access assignments at any subscription or management group level within the tenant. Due to its high privilege level, this role assignment should be removed immediately after completing the necessary changes at the root scope to minimize security risks.
The User Access Administrator role provides extensive access control privileges. Unnecessary assignments heighten the risk of privilege escalation and unauthorized access. Removing the role immediately after use minimizes security exposure.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v4.0 > 06 - Identity Services > 06.03 - Periodic Identity Reviews > 06.03.03 - Ensure that use of the 'User Access Administrator' role is restricted
- Azure > CIS v4.0
- Azure > CIS v4.0 > 06 - Identity Services
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv4-0#/control/types/r060303
- tmod:@turbot/cis#/control/categories/v070401
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv4-0#/control/types/r060303"
Get Controls