Incorrect role definition ID for policy "Deploy Resource Lock on RGs - tag exclusion"? #412

Closed
kamfaima opened this issue Dec 18, 2023 · 1 comment · Fixed by #413

Comments

@kamfaima

For the policy definition policyDefinitions/General/deploy-resource-lock-on-rgs-tag-exclusion/azurepolicy.json, is the role definition correct?

In the code, it has:

"/providers/Microsoft.Authorization/roleDefinitions/35b50af1-b556-492f-8595-cbf5cb531055"

But I cannot see any built-in role (https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles) with the role Id of 35b50af1-b556-492f-8595-cbf5cb531055.

Assuming this code is sourced from https://github.com/grabery/graber.cloud-azure-templates/blob/main/gov/policies/audit-and-deploy-resource-lock/azdeploy.json, then that definition uses a role Id of 8e3af657-a8ff-443c-a75c-2fe8c4bcb635, i.e. Owner.

@aschabus
Collaborator

@kamfaima thanks for letting us know

aschabus added a commit that referenced this issue Jan 17, 2024
Fix/#412 incorrect role definition & change evaluationDelay to AfterProvisioning
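
The check raised in this issue can be automated for a repository of policy definitions. The following is an added example, not code from this project: it collects every entry under `roleDefinitionIds` in a policy document and resolves it against a local table of built-in roles. The function names, the four-role table (a subset that needs extending) and the sample document are assumptions constructed for illustration.

```python
import json
import re

# Subset of Azure built-in role GUIDs; extend from the built-in roles documentation.
BUILT_IN_ROLES = {
    "8e3af657-a8ff-443c-a75c-2fe8c4bcb635": "Owner",
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
    "acdd72a7-3385-48ef-bd42-f606fba81ae7": "Reader",
    "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9": "User Access Administrator",
}
ROLE_ID_RE = re.compile(
    r"/providers/Microsoft\.Authorization/roleDefinitions/"
    r"([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$", re.IGNORECASE)

def find_role_ids(node):
    """Yield every string listed under any 'roleDefinitionIds' key, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "roleDefinitionIds" and isinstance(value, list):
                yield from (v for v in value if isinstance(v, str))
            else:
                yield from find_role_ids(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_role_ids(item)

def audit_policy(policy_json):
    """Return (role_id, verdict) pairs: a role name, 'unknown' or 'malformed'."""
    findings = []
    for role_id in find_role_ids(json.loads(policy_json)):
        match = ROLE_ID_RE.search(role_id)
        guid = match.group(1).lower() if match else None
        verdict = BUILT_IN_ROLES.get(guid, "unknown") if guid else "malformed"
        findings.append((role_id, verdict))
    return findings

# Constructed sample: a minimal deployIfNotExists rule, not the project's file.
PREFIX = "/providers/Microsoft.Authorization/roleDefinitions/"
SAMPLE = json.dumps({"properties": {"policyRule": {"then": {
    "effect": "deployIfNotExists",
    "details": {"roleDefinitionIds": [
        PREFIX + "35b50af1-b556-492f-8595-cbf5cb531055",  # ID quoted in the issue
        PREFIX + "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",  # Owner
    ]}}}}})

if __name__ == "__main__":
    for role_id, verdict in audit_policy(SAMPLE):
        print(f"{verdict:10} {role_id}")
```

An "unknown" verdict means only that the GUID is missing from the local table, so it is a prompt to look the ID up, not proof that the role does not exist. A resolved "Owner" is worth a second look as well, since the policy's managed identity receives that role at the assignment scope.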