Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permissions inherited from Management Groups not shown #10

Open
rich-davies opened this issue Aug 7, 2020 · 2 comments
Open

Permissions inherited from Management Groups not shown #10

rich-davies opened this issue Aug 7, 2020 · 2 comments

Comments

@rich-davies
Copy link

Most of our Azure permissions management is done through group membership and applied at Management Group level. This tool only seems to report on RBAC that is granted specifically at the subscription level rather than being inherited from Management Groups. Would it be possible to enhance it so that inherited permissions are covered too?
@Hechtov
Copy link
Collaborator

Hechtov commented Aug 18, 2020

Hi @rich-davies
Thanks for sharing this issue.
Yes, the AzureStealth scan checks the RBAC permissions of each Azure subscriptions and currently doesn't check inherited permissions from the Management Group level.
Nowadays, I can assume many organizations don't use Management Group permissions assignments, but we will want to help also the ones who do use them, and it might get more popular in the future.
We will add this as a feature request for future versions of the SkyArk.
Thanks,
Asaf

@ErikMogensen
Copy link

+1 for that feature

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ErikMogensen @Hechtov @rich-davies