Authentication

Ensure a Custom Role is Assigned Permissions for Administering Resource Locks

Platform(s)
Compliance Frameworks

Azure CIS, Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, cis_8, CPRA, Data Security Posture Management (DSPM) Best Practices, essential_8_au, GDPR, HITRUST, iso_27001_2022, iso_27002_2022, Microsoft Cloud Security Benchmark, Mitre ATT&CK, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, PDPA, pipeda, UK Cyber Essentials

Description

There is no custom role to administer resource locks. Azure resource locks allow you to protect sensitive resources from accidental changes or deletion. A tightly scoped resource lock administrator role has only the permissions required to manage resource locking and nothing more. In the absence of such a role, users may need to assume the ""Contributor"" or ""Owner"" roles to administer locks, which violates the principle of least privilege.
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo