Example end-to-end Governance Model from CI/CD to Azure Resource Manager. Use this project to deploy example AAD, ARM and Azure DevOps resources to learn about e2e RBAC.
MIT License
Fix overlapping roles in AzureDevOps that leads to unexpected permissions #13
We need a 3rd AAD group per domain because Azure DevOps uses a least-permissions model whereas ARM uses an additive permissions model.
In the current code, veggie-admins would not receive Administrator permissions because they are also members of veggies, which per the least-permissions model results in only Contributor permissions.
See issue #12 for details.