prmerger-automator[bot]
commented
1 week ago @azarboon : Thanks for your contribution! The author(s) have been notified to review your proposed change.
Closed azarboon closed 1 week ago
prmerger-automator[bot]
commented
1 week ago @azarboon : Thanks for your contribution! The author(s) have been notified to review your proposed change.
learn-build-service-prod[bot]
commented
1 week ago Learn Build status updates of commit db866ba:
| File | Status | Preview URL | Details |
|---|---|---|---|
| articles/governance/policy/overview.md | :white_check_mark:Succeeded |
For more details, please refer to the build report.
For any questions, please:
Jak-MS
commented
1 week ago @davidsmatlak
#sign-off in a comment or the approval may get overlooked.@MicrosoftDocs/public-repo-pr-review-team
davidsmatlak
commented
1 week ago Thanks for the contribution. I'm not going to merge the change but I created an internal backlog work item to review your suggestion for a future update.
davidsmatlak
commented
1 week ago Do not merge
For the sake of clarity, following should be clearly stated in this page. Currently, to find this out, one has to dig out the doc and already be aware of "policy layering", then google it then to find it out.
"If you have multiple policies, cumulative most restrictive permission will be applied. A single Deny policy trumps all Allowed policies within the within scope hierarchy. For example, if you have a Deny policy in Tenant Management Group that prevents creation of virtual networks but its subordinate management groups and subscriptions have explicit Allowed policy for virtual networks, you won't be able to create any virtual network."