Policy: Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks > Attestation
From Azure Portal
1. In the Azure portal, open a subscription or resource group where you want the custom role to be assigned. 2. Select Access control (IAM). 3. Click Add. 4. Select Add custom role. 5. In the Custom Role Name field enter Resource Lock Administrator. 6. In the Description field enter Can Administer Resource Locks. 7. For Baseline permissions select Start from scratch 8. Select next. 9. In the Permissions tab select Add permissions. 10.In the Search for a permission box, type in Microsoft.Authorization/locks to search for permissions. 11.Select the check box next to the permission Microsoft.Authorization/locks. 12.Select Add. 13.Select Review + create. 14.Select Create. 15.Assign the newly created role to the appropriate user.
Once verified, enter the date that this attestation expires. Note that the date can not be further in the future than is specified in report level Maximum Attestation Duration policy. Set to a blank value to clear the attestation.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
- Azure > CIS v2.0
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
- Azure > CIS v2.0 > 01 - Identity and Access Management
Policy Specification
Schema Type | |
|---|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/v071406
- tmod:@turbot/azure-cisv2-0#/policy/types/r0124Attestation
- turbot graphql policy-type --id "tmod:@turbot/azure-cisv2-0#/policy/types/r0124Attestation"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv2-0#/policy/types/r0124Attestation"
Get Policy TypeGet Policy Settings