🛡️ Azure Non-Privileged Role Assignments are not periodically reviewed🟢⚪
- Contextual name: 🛡️ Non-Privileged Role Assignments are not periodically reviewed🟢⚪
- ID: /ce/ca/azure/subscription/non-privileged-role-assignments
- Tags:
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: SECURITY
Description
Perform a periodic review of non-privileged role assignments to ensure that the non-privileged roles assigned to users are appropriate.
Note: Determining 'appropriate' assignments requires a clear understanding of your organization's personnel, systems, policies, and security requirements. This cannot be effectively prescribed in a procedure.
Rationale
To ensure the principle of least privilege is followed, non-privileged role assignments should be reviewed periodically to confirm that users are granted only the minimum level of permissions they need to perform their tasks.
Impact
Increased administrative effort to manage and remove role assignments appropriately.
Audit
From Azure Portal
1. Go to Subscriptions.
2. Click the name of a subscription.
3. Click Access control (IAM).
4. Click Role assignments.
5. Click Job function roles.
6. For each role, ensure the assignments are appropriate.
7. Repeat steps 1-6 for each subscription.
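The portal review above can be supported by a per-role worklist built from an export. This is an added example, not part of the original policy: it assumes rows with the field names found in `az role assignment list --all --output json` output, runs on constructed sample data, and treats the roles in `PRIVILEGED_ROLES` as out of scope (an assumption; align the set with what your portal shows outside Job function roles).

```python
from collections import defaultdict

# Assumption: roles treated as privileged and therefore out of scope for this review.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator",
                    "Role Based Access Control Administrator"}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
# Constructed sample rows using field names from the az CLI JSON output.
SAMPLE = [
    {"principalName": "alice@example.com", "principalId": "1111", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "ops-team", "principalId": "2222", "principalType": "Group",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "", "principalId": "3333", "principalType": "User",
     "roleDefinitionName": "Storage Blob Data Contributor",
     "scope": SUB + "/resourceGroups/rg-data"},
    {"principalName": "bob@example.com", "principalId": "4444", "principalType": "User",
     "roleDefinitionName": "Reader",
     "scope": SUB + "/resourceGroups/rg-app/providers/Microsoft.Web/sites/app1"},
]

def scope_level(scope):
    """Classify an assignment scope so inherited grants stand out in the review."""
    parts = scope.strip("/").split("/")
    if scope == "/":
        return "root"
    if parts[0].lower() == "providers":
        return "management group"
    return {2: "subscription", 4: "resource group"}.get(len(parts), "resource")

def review_worklist(assignments):
    """Group non-privileged assignments by role name for a human reviewer."""
    by_role = defaultdict(list)
    for a in assignments:
        role = a["roleDefinitionName"]
        if role in PRIVILEGED_ROLES:
            continue
        by_role[role].append({
            "principal": a["principalName"] or a["principalId"],
            "type": a["principalType"],
            "level": scope_level(a["scope"]),
            # Empty name: treated here as a principal the export could not resolve.
            "unresolved": not a["principalName"],
        })
    return {role: sorted(rows, key=lambda r: r["principal"])
            for role, rows in sorted(by_role.items())}

if __name__ == "__main__":
    for role, rows in review_worklist(SAMPLE).items():
        print(f"{role}: {len(rows)} assignment(s)")
        for r in rows:
            print(f"  {r['type']:<6} {r['principal']:<20} {r['level']}"
                  + ("  [unresolved principal]" if r["unresolved"] else ""))
```

Whether each listed assignment is appropriate remains a reviewer's decision; the script only organizes what has to be looked at.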
Default Value
Users do not have non-privileged roles assigned to them by default.
Remediation
From Azure Portal
1. Go to Subscriptions.
2. Click the name of a subscription.
3. Click Access control (IAM).
4. Click Role assignments.
5. Click Job function roles.
6. Check the box next to any inappropriate assignments.
7. Click Delete.
8. Click Yes.
9. Repeat steps 1-8 for each subscription.
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS Azure v5.0.0 → 💼 5.3.7 Ensure all non-privileged role assignments are periodically reviewed (Manual) | 1 | no data | | | |
| 💼 Cloudaware Framework → 💼 Role-Based Access Control (RBAC) Management | 18 | no data | | | |