I have a user with the policy below, where he does not have permission to add/remove security-list.
"Allow group XPTO to manage vcns in tenancy where ANY {request.operation = 'CreateNetworkSecurityGroup',request.operation = 'DeleteNetworkSecurityGroup'}"
The scenario is that if I try to create a security-list I get an error due to lack of permission and this is correct. However, if I try to remove a security-list the resource is removed in TFstate, but the resource is not deleted due to lack of permission in the tenancy.
It does not check if he has permission to remove, does not validate if the resource was actually deleted, and does not validate if there is a dependency that prevents the deletion of the resource.
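A post-apply check for the situation described above, as an added example that is not part of the original report or the provider's code: it reads the planned deletions from `terraform show -json <planfile>` output and reports every security list that still exists in the tenancy after the apply. `get_state` is a hypothetical callback (an assumption) that returns the resource's lifecycle state or `None` when the API answers 404; the plan data and OCIDs are constructed.

```python
import json

# Constructed sample of `terraform show -json <planfile>` output; OCIDs are placeholders.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "oci_core_security_list.app", "type": "oci_core_security_list",
         "change": {"actions": ["delete"], "before": {"id": "ocid1.securitylist.oc1..exampleA"}}},
        {"address": "oci_core_security_list.db", "type": "oci_core_security_list",
         "change": {"actions": ["delete"], "before": {"id": "ocid1.securitylist.oc1..exampleB"}}},
        {"address": "oci_core_network_security_group.web", "type": "oci_core_network_security_group",
         "change": {"actions": ["no-op"], "before": {"id": "ocid1.nsg.oc1..exampleC"}}},
    ]
})

# Lifecycle states that mean the resource is gone or on its way out.
GONE_STATES = {"TERMINATING", "TERMINATED"}


def planned_deletions(plan_json, resource_type="oci_core_security_list"):
    """Return (address, ocid) for every resource of resource_type the plan deletes."""
    plan = json.loads(plan_json)
    found = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") == resource_type and "delete" in change.get("actions", []):
            before = change.get("before") or {}
            found.append((rc["address"], before.get("id")))
    return found


def verify_deleted(deletions, get_state):
    """Return (address, ocid, state) for resources that still exist after apply.

    get_state(ocid) is a hypothetical callback: lifecycle state string,
    or None when the API reports the resource as not found.
    """
    leftovers = []
    for address, ocid in deletions:
        state = get_state(ocid)
        if state is not None and state not in GONE_STATES:
            leftovers.append((address, ocid, state))
    return leftovers


if __name__ == "__main__":
    # Constructed tenancy view: the delete of "app" was denied, "db" is gone.
    tenancy = {"ocid1.securitylist.oc1..exampleA": "AVAILABLE"}
    for item in verify_deleted(planned_deletions(SAMPLE_PLAN), tenancy.get):
        print("still present after apply:", item)
```

Save the plan JSON before running the apply, because the deleted resources no longer appear in the state afterwards.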