If a MI is a rg owner but not a sub owner, CheckIsOwner should return false. More concisely, if the MI has owner role on ANY resource EXCEPT subscription, CheckIsOwner should fail. Also, if MI has owner role on NO resource, CheckIsOwner should fail.
Actual Behavior
If MI has resource owner on resources other than the subscription, CheckIsOwner returns true.
sebastus
commented
3 years ago
Expected Behavior
If a MI is a rg owner but not a sub owner, CheckIsOwner should return false. More concisely, if the MI has owner role on ANY resource EXCEPT subscription, CheckIsOwner should fail. Also, if MI has owner role on NO resource, CheckIsOwner should fail.
Actual Behavior
If MI has resource owner on resources other than the subscription, CheckIsOwner returns true.