Authentication

Ensure Custom Role administrative resource lock is assigned

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

There is no custom role to administer resource locks. Azure resource locks allow you to protect sensitive resources from accidental changes or deletion. A tightly scoped resource lock administrator role has only the permissions required to manage resource locking and nothing more. In the absence of such a role, users may need to assume the ÒContributorÓ or ÒOwnerÓ roles to administer locks, which violates the principle of least privilege.

  • Recommended Mitigation

    Define a tightly scoped custom role for managing resource locks while following the principle of least privilege. The role, and nothing but this role, should then always be used while administering resource locks.

Need help?

Get a free Security Risk Assessment. Start today

Orca Security Demo Demo the Orca Platform-> In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now.