Language: terraform
Severity: medium
Service: authorization
Provider: Azure

Description

The role definition grants wildcard permissions ("*") across all actions and scopes, allowing the role to perform any operation without restriction. This violates the principle of least privilege and creates overly broad access.

Impact

If exploited, attackers or unauthorized users with this role could perform any action on the subscription, including modifying resources, accessing sensitive data, or disrupting services, significantly increasing the risk of account compromise and data breaches.

Resolution

Use targeted permissions for roles: list only the specific resource provider operations the role needs instead of the "*" wildcard, and limit the scopes the role can be assigned to.
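The following Terraform is an added example, not part of the original rule page or of any scanner's own test data. It places the wildcard pattern this rule flags beside a least-privilege alternative. The resource names, the resource group name and the description are constructed placeholders; the Azure operation strings are real resource provider operations.

```hcl
# Added example (not from the original page): a role definition with the
# wildcard this rule flags, next to a scoped replacement. Names and the
# resource group are placeholders; the action strings are real Azure operations.

data "azurerm_subscription" "current" {}

# Flagged: "*" in actions lets any principal holding the role perform every
# operation in the subscription, which is what the rule's description warns about.
resource "azurerm_role_definition" "overly_broad" {
  name  = "example-overly-broad"
  scope = data.azurerm_subscription.current.id

  permissions {
    actions     = ["*"]
    not_actions = []
  }

  assignable_scopes = [data.azurerm_subscription.current.id]
}

# Corrected: enumerate only the operations the workload needs, explicitly
# exclude changes to role assignments, and restrict the assignable scope
# to a single resource group rather than the whole subscription.
resource "azurerm_role_definition" "vm_operator" {
  name        = "example-vm-operator"
  scope       = data.azurerm_subscription.current.id
  description = "Read, start and deallocate virtual machines in one resource group"

  permissions {
    actions = [
      "Microsoft.Compute/virtualMachines/read",
      "Microsoft.Compute/virtualMachines/start/action",
      "Microsoft.Compute/virtualMachines/deallocate/action",
      "Microsoft.Resources/subscriptions/resourceGroups/read",
    ]
    not_actions = [
      "Microsoft.Authorization/*/write",
      "Microsoft.Authorization/*/delete",
    ]
  }

  assignable_scopes = [
    "${data.azurerm_subscription.current.id}/resourceGroups/example-rg",
  ]
}
```

A scanner applying this rule reports the first resource because its actions list contains "*"; the second passes because every entry names a concrete operation. Keeping assignable_scopes narrow matters as much as the action list: a precisely scoped action set assigned at subscription level still reaches every resource group in the subscription.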