IAM misconfigurations

'Key Vault Administrator' role is assigned to a user, group or application

Risk Level

Hazardous (3)

Compliance Frameworks


The 'Key Vault Administrator' role permits all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. To follow security best practices, every Azure identity should be assigned granular permissions.

Recommended Mitigation

Remove the 'Key Vault Administrator' role assignment from {AzurePrincipal} identity, in scope level '{RoleAssignments.ScopeLevel}' - '{RoleAssignments.Scope}'. Then replace it with a more granular role.
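The check and mitigation text described above, as an added example that is not part of the original rule or the vendor's code. It assumes role assignments exported in the field layout of `az role assignment list --all -o json`; the sample records are constructed, and the scope-level labels (ManagementGroup, Subscription, ResourceGroup, Resource) are assumed names for the rule's scope-level placeholder.

```python
import json

ROLE = "Key Vault Administrator"
BREADTH = ["ManagementGroup", "Subscription", "ResourceGroup", "Resource", "Unknown"]

# Constructed sample, shaped like `az role assignment list --all -o json` output.
SAMPLE = json.loads("""[
  {"principalName": "ci-deployer", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Key Vault Administrator",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"principalName": "alice@example.com", "principalType": "User",
   "roleDefinitionName": "Key Vault Administrator",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app/providers/Microsoft.KeyVault/vaults/kv-app"},
  {"principalName": "web-app", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Key Vault Secrets User",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app/providers/Microsoft.KeyVault/vaults/kv-app"},
  {"principalName": "ops-team", "principalType": "Group",
   "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"}
]""")


def scope_level(scope):
    """Classify an ARM scope string by how much of the tenant it covers."""
    parts = [p.lower() for p in scope.split("/") if p]
    if parts[:3] == ["providers", "microsoft.management", "managementgroups"]:
        return "ManagementGroup"
    if parts[:1] == ["subscriptions"] and len(parts) >= 2:
        if len(parts) == 2:
            return "Subscription"
        if len(parts) == 4 and parts[2] == "resourcegroups":
            return "ResourceGroup"
        return "Resource"
    return "Unknown"


def findings(assignments):
    """Return Key Vault Administrator assignments, broadest scope first."""
    hits = [dict(a, scopeLevel=scope_level(a["scope"])) for a in assignments
            if a.get("roleDefinitionName", "").lower() == ROLE.lower()]
    return sorted(hits, key=lambda a: BREADTH.index(a["scopeLevel"]))


def mitigation(f):
    """Fill the rule's mitigation template for one finding."""
    return (f"Remove the '{ROLE}' role assignment from {f['principalName']} identity, "
            f"in scope level '{f['scopeLevel']}' - '{f['scope']}'.")


if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f["principalType"], "|", mitigation(f))
```

Sorting by scope breadth puts subscription-wide and management-group-wide assignments first, since those grant the role over every vault beneath that scope.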