ServiceNow CMDB CI relationship sync: faster, more complete →
Mods
Azure

Policy: Azure > Turbot > Permissions > Levels > Modifiers

A map of Azure API to Guardrails Permission Level used to customize Guardrails' standard permissions. You can add, remove or redefine the mapping of Azure API operations to Guardrails permissions levels here.

Note: Modifiers are cumulative - if you add a permission to the metadata level, it is also added to readOnly, operator and admin.

Modifier policies set here apply ONLY to the Azure levels (Azure/Admin, Azure/Operator, etc), not to the service levels (Azure/Storage/Admin, Azure/Compute/Operator, etc),

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Policy Specification

Schema Type
array
Default
[]
Examples [YAML]
  • - Microsoft.Storage/storageAccounts/delete: operator
    - Microsoft.Storage/storageAccounts/write: admin
    - Microsoft.Storage/storageAccounts/read: readOnly
    - Microsoft.Compute/disks/delete: operator
    

Category

In Your Workspace

Developers