Closed azarboon closed 1 week ago
@azarboon : Thanks for your contribution! The author(s) have been notified to review your proposed change.
Learn Build status updates of commit db866ba:
File | Status | Preview URL | Details |
---|---|---|---|
articles/governance/policy/overview.md | :white_check_mark:Succeeded |
For more details, please refer to the build report.
For any questions, please:
@davidsmatlak
#sign-off
in a comment or the approval may get overlooked.@MicrosoftDocs/public-repo-pr-review-team
Thanks for the contribution. I'm not going to merge the change but I created an internal backlog work item to review your suggestion for a future update.
Do not merge
For the sake of clarity, following should be clearly stated in this page. Currently, to find this out, one has to dig out the doc and already be aware of "policy layering", then google it then to find it out.
"If you have multiple policies, cumulative most restrictive permission will be applied. A single Deny policy trumps all Allowed policies within the within scope hierarchy. For example, if you have a Deny policy in Tenant Management Group that prevents creation of virtual networks but its subordinate management groups and subscriptions have explicit Allowed policy for virtual networks, you won't be able to create any virtual network."