What about "source": "action" instead of "field": "<whatever>" ?

[jtuliani]

In various sources (for example, https://docs.microsoft.com/en-us/cli/azure/policy/definition?view=azure-cli-latest), I see policy definition examples that use the line "source": "action" instead of a "field" in the policy rule.

The ability to use "source": "action", assuming it works, is not documented on this page. Shouldn't it be?

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: d956852a-d98e-c022-d6f2-c2910afe6e93
• Version Independent ID: 8107b348-d2b4-214e-2b18-bf813f1fe1e8
• Content: Azure Policy definition structure
• Content Source: articles/azure-policy/policy-definition.md
• Service: azure-policy
• GitHub Login: @bandersmsft
• Microsoft Alias: banders

[bandersmsft]

#in-process
azure-policy

[Mike-Ubezzi-MSFT]

@jtuliani Thanks for the feedback! We are currently investigating and will update you shortly.

[bandersmsft]

We've updated the article to change the example from "source": "action", to "field": "type", since policy only evaluates on /write actions. "source": "action", becomes basically equivalent to “field”: “type”.

#please-close

[jtuliani]

Thanks. To clarify, are you saying that "source": "action" is deprecated?

[MohitGargMSFT]

@bandersmsft Please help respond on above.

[bandersmsft]

The source field is a supported, but probably isn't the best to show in programmatic examples. It only accepts one value of "action". It allows you to filter on the “Authorization Action” of the request. You can see various operations authorization actions in the activity log under authorization.action.

[jtuliani]

Thanks. That helps clarify.

Simply removing the example doesn't really work, since there are other examples all over the place (including in training materials, existing customer configurations that a new developer is trying to make sense of, etc)

If this is a supported syntax and behaviour, then it really should be documented--that was my original point, it's not described in the documentation that defines the policy definition syntax.

[bandersmsft]

@jtuliani I'll loop in the engineering team to see if they can assist.

[bandersmsft]

@jtuliani We're in the process of updating the article to add additional details and explanation around operators, conditions, fields, an effects in policy rules. Hopefully the updates will provide the clarity and level of detail you're looking for. The updated article should go live later today or Monday of next week. I'll reply here when it does.

[jtuliani]

Super, thanks Bill

[bandersmsft]

@jtuliani My pleasure. The article is now updated. Are you we good to close on this now?

[femsulu]

@jtuliani Now closing this thread. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.

[jtuliani]

Looks good. My only suggestion would be that where the policy definition describes the "source": "action" option, it would be good to include the comment above that this is equivalent to "field": "type", without the '/write' on the field value.