This repo is for Microsoft Azure customers and Microsoft teams to collaborate in making custom policies.
615
stars
322
forks
source link
Incorerct role definition ID for policy "Deploy Resource Lock on RGs - tag exclusion"? #412
Closed
kamfaima closed 7 months ago
For the policy definition
policyDefinitions/General/deploy-resource-lock-on-rgs-tag-exclusion/azurepolicy.json
, is the role defintion correct?In the code, it has:
But I cannot see any built-in role (https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles) with the role Id of
35b50af1-b556-492f-8595-cbf5cb531055
.Assuming this code is sourced from https://github.com/grabery/graber.cloud-azure-templates/blob/main/gov/policies/audit-and-deploy-resource-lock/azdeploy.json, then that definition uses a role Id of
8e3af657-a8ff-443c-a75c-2fe8c4bcb635
, i.e. Owner.