You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Most of our Azure permissions management is done through group membership and applied at Management Group level. This tool only seems to report on RBAC that is granted specifically at the subscription level rather than being inherited from Management Groups. Would it be possible to enhance it so that inherited permissions are covered too?
The text was updated successfully, but these errors were encountered:
Hi @rich-davies
Thanks for sharing this issue.
Yes, the AzureStealth scan checks the RBAC permissions of each Azure subscriptions and currently doesn't check inherited permissions from the Management Group level.
Nowadays, I can assume many organizations don't use Management Group permissions assignments, but we will want to help also the ones who do use them, and it might get more popular in the future.
We will add this as a feature request for future versions of the SkyArk.
Thanks,
Asaf
Most of our Azure permissions management is done through group membership and applied at Management Group level. This tool only seems to report on RBAC that is granted specifically at the subscription level rather than being inherited from Management Groups. Would it be possible to enhance it so that inherited permissions are covered too?
The text was updated successfully, but these errors were encountered: