Resource Type: Azure > IAM > Role Definition
Role definition for the Azure IAM Service
Resource Context
Role Definition is a part of the IAM service.
Each Role Definition lives under a Subscription.
Controls
The primary controls for Azure > IAM > Role Definition are:
It is also targeted by these controls:
- Azure > CIS v1 > 1 Identity and Access Management > 1.23 Ensure that no custom subscription owner roles are created (Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.21 - Ensure that no custom subscription owner roles are created (Scored)
- Azure > CIS v1.2 > 1 - Identity and Access Management > 1.23 - Ensure Custom Role is assigned for Administering Resource Locks (Not Scored)
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.23 - Ensure That No Custom Subscription Administrator Roles Exist
- Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
Category
In Your Workspace
- Controls by Resource Type report
- Policy Settings by Resource Type report
- Resources by Resource Type report
Developers
- Resource Type URI: tmod:@turbot/azure-iam#/resource/types/roleDefinition
- Category URI: tmod:@turbot/turbot#/resource/categories/iam
- GraphQL
- CLI: turbot graphql resource --id "tmod:@turbot/azure-iam#/resource/types/roleDefinition"
- Steampipe Query
  - Get Resource: select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-iam#/resource/types/roleDefinition';
  - Get Policy Settings (By Resource ID): select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-iam#/resource/types/roleDefinition"';
  - Get Resource Notification: select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-iam#/resource/types/roleDefinition' and notification_type in ('resource_updated', 'resource_created');