Turbot Guardrails Hub 

Resource Type: Azure > IAM > Role Definition

The Role Definition resource type represents a set of permissions that can be assigned to users, groups, or services in Azure. It controls who has access to which resources and what actions they can perform.

Resource Context

Role Definition is a part of the IAM service.

Each Role Definition lives under a Subscription.

Controls

The primary controls for Azure > IAM > Role Definition are:

  • Active
  • Approved
  • CMDB
  • Configured
  • Discovery
  • Intelligent Assessment
  • ServiceNow

It is also targeted by these controls:

  • Azure > CIS v1 > 1 Identity and Access Management > 1.23 Ensure that no custom subscription owner roles are created (Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.21 - Ensure that no custom subscription owner roles are created (Scored)
  • Azure > CIS v1.2 > 1 - Identity and Access Management > 1.23 - Ensure Custom Role is assigned for Administering Resource Locks (Not Scored)
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.23 - Ensure That No Custom Subscription Administrator Roles Exist
  • Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
  • Azure > CIS v3.0 > 02 - Identity > 02.23 - Ensure That No Custom Subscription Administrator Roles Exist
  • Azure > CIS v3.0 > 02 - Identity > 02.24 - Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
  • Azure > CIS v4.0 > 06 - Identity Services > 06.23 - Ensure that no custom subscription administrator roles exist
  • Azure > CIS v4.0 > 06 - Identity Services > 06.24 - Ensure that a custom role is assigned permissions for administering resource locks
  • Azure > CIS v5.0 > 5 - Identity Services > 5.23 - Ensure That No Custom Subscription Administrator Roles Exist
  • Azure > CIS v5.0 > 5 - Identity Services > 5.24 - Ensure that a custom role is assigned permissions for administering resource locks

Quick Actions

  • Delete
  • Router

Category

  • IAM

In Your Workspace

  • Controls by Resource Type report
  • Policy Settings by Resource Type report
  • Resources by Resource Type report

Developers

  • Resource Type URI
    • tmod:@turbot/azure-iam#/resource/types/roleDefinition
  • Category URI
    • tmod:@turbot/turbot#/resource/categories/iam
  • GraphQL
    • query resource(id: "tmod:@turbot/azure-iam#/resource/types/roleDefinition") { … }
    • query resourceActivities(filter: "resourceId:'tmod:@turbot/azure-iam#/resource/types/roleDefinition'") { … }
    • mutation createResource(input: { … })
    • mutation updateResource(input: { … })
  • CLI
    • Get Resource
    • turbot graphql resource --id "tmod:@turbot/azure-iam#/resource/types/roleDefinition"
  • Steampipe Query
    • Get Resource
    • select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-iam#/resource/types/roleDefinition';
    • Get Policy Settings (By Resource ID)
    • select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-iam#/resource/types/roleDefinition"';
    • Get Resource Notification
    • select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-iam#/resource/types/roleDefinition' and notification_type in ('resource_updated', 'resource_created');