Comments (3)
To use policies, you must be authenticated through RBAC. Specifically, your account needs the:
Microsoft.Authorization/policydefinitions/write permission to define a policy.
Microsoft.Authorization/policyassignments/write permission to assign a policy.
Microsoft.Authorization/policySetDefinitions/write permission to define an initiative.
Microsoft.Authorization/policyassignments/write permission to assign an initiative.
Is the ask to have built-in RBAC for this?
from azure-policy.
@krnese thank you for your response. The question would be related to UI in which the Access Control (IAM) navigation would be better to be added to the blade so Azure subscription administrator can see who has right on Azure Policy. It is like almost Azure services.
from azure-policy.
Noted. Nothing to share regarding this at this point.
from azure-policy.
Related Issues (20)
- HIPAA_HITRUST_audit : Diag settings for KeyVaults
- VirtualMachineBackup_Backup_DeployIfNotExists: Doesn't detect MicrosoftSQLServer on WS2022
- VirtualMachineWithTag_Backup_Deploy: Doesn't detect MicrosoftSQLServer on WS2022
- Can we have lessthan,greater than, lessthan or equalto, greater than equalto operators available in azure policies.
- MachineLearningServices_ComputeInstanceUpdates_Audit HOT 1
- Configure Linux virtual machine to run Azure Monitor Agent using system-assigned managed identity: fails with typeHandlerVersion invalid HOT 2
- How to properly assign this policy to both Windows & Linux
- Suggestion: KubernetesService/container-resource-limits
- [Preview]: Schedule recurring updates using Update Management Center
- Deploy SQL DB transparent data encryption includes Synapse workspace databases in managed RGs HOT 1
- Enforce Tag on Resource Groups
- Deploy Dependency agent to be enabled on Windows virtual machines with Azure Monitoring Agent settings: Update list of supported Windows OSes for Dependency agent
- AzureMonitor_DCRA_VM_Linux_Deploy: Potential bug with DCEs HOT 2
- MDC_DfSQL_DeployDefaultWorkspace: deployWorkspace property has too long prefix
- Request: DINE policy for private endpoint -> private DNS zone linking with static webapps HOT 6
- "Managed disks should disable public network access" Should Allow Disabling All Network Access
- Alias Request: Microsoft.RecoveryServices/vaults/resourceGuardProxies[*]/resourceGuardResourceId
- Azure SQL Database should be running TLS version 1.2 or newer: not working as expected HOT 1
- Policy: Require Encryption on Data Lake Store - needs Audit
- Start-AzPolicyRemediation: InvalidUpdateRemediationRequest HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azure-policy.