Policy: Azure > CIS v1 > 1 Identity and Access Management > 1.23 Ensure that no custom subscription owner roles are created (Scored)
Configures auditing against a CIS Benchmark item.
Level: 2 (Scored)
Subscription ownership should not include permission to create custom owner roles. The principle of least privilege should be followed and only necessary privileges should be assigned instead of allowing full administrative access.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
- Azure > CIS v1
- Azure > CIS v1 > 1 Identity and Access Management > 1.23 Ensure that no custom subscription owner roles are created (Scored)
- Azure > CIS v1 > 1 Identity and Access Management
Policy Specification
Schema Type |
|
---|---|
Default |
|
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/v0704
- tmod:@turbot/azure-cisv1#/policy/types/r0123
- turbot graphql policy-type --id "tmod:@turbot/azure-cisv1#/policy/types/r0123"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv1#/policy/types/r0123"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI