IAM misconfigurations

‘Key Vault Administrator’ role is assigned for user, group or application

Risk Level

Hazardous (3)



The 'Key Vault Administrator' role permits all data plane operations on a key vault and every object in it, including certificates, keys, and secrets. To follow security best practices, every Azure identity should be assigned granular permissions instead.
Recommended Mitigation

Remove the 'Key Vault Administrator' role assignment from the {AzurePrincipal} identity at scope level '{RoleAssignments.ScopeLevel}' - '{RoleAssignments.Scope}'. Then replace it with a more granular role.
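
One way to detect this finding, added here as an example and not the product's own check: the code filters role assignments shaped like `az role assignment list --all -o json` output for the 'Key Vault Administrator' role and derives a scope level from each scope string, broadest first. The sample records, the scope-level labels and the function names are constructed for illustration.

```python
# Constructed sample shaped like `az role assignment list --all -o json` output.
# Subscription ID, principals and vault name are made up.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VAULT = SUB + "/resourceGroups/rg-app/providers/Microsoft.KeyVault/vaults/kv-example"
SAMPLE = [
    {"principalName": "svc-deploy", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Administrator", "scope": VAULT},
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Key Vault Administrator", "scope": SUB},
    {"principalName": "app-reader", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Secrets User", "scope": VAULT},
    {"principalName": "ops-team", "principalType": "Group",
     "roleDefinitionName": "Key Vault Administrator", "scope": SUB + "/resourceGroups/rg-app"},
]

TARGET_ROLE = "Key Vault Administrator"
# Assumed labels for scope breadth, ordered broadest to narrowest.
BREADTH = ["ManagementGroup", "Subscription", "ResourceGroup", "Resource", "Unknown"]

def scope_level(scope):
    """Classify an Azure RBAC scope string by how much it covers."""
    parts = [p for p in scope.strip("/").split("/") if p]
    low = [p.lower() for p in parts]
    if low[:3] == ["providers", "microsoft.management", "managementgroups"]:
        return "ManagementGroup"
    if low[:1] == ["subscriptions"]:
        if len(parts) == 2:
            return "Subscription"
        if len(parts) == 4 and low[2] == "resourcegroups":
            return "ResourceGroup"
        return "Resource"  # a vault, or an object inside one
    return "Unknown"

def find_kv_admin_assignments(assignments):
    """Return Key Vault Administrator assignments, broadest scope first."""
    findings = []
    for a in assignments:
        if a.get("roleDefinitionName", "").lower() != TARGET_ROLE.lower():
            continue
        findings.append({
            "principal": a.get("principalName") or a.get("principalId"),
            "principal_type": a.get("principalType"),
            "scope_level": scope_level(a["scope"]),
            "scope": a["scope"],
        })
    return sorted(findings, key=lambda f: BREADTH.index(f["scope_level"]))

if __name__ == "__main__":
    for f in find_kv_admin_assignments(SAMPLE):
        print(f"{f['principal_type']:<17}{f['principal']:<20}{f['scope_level']:<15}{f['scope']}")
```

Assignments at subscription or resource group scope are inherited by every vault beneath them, so they are the ones to replace first.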