azure.roledefinition
Role definitions define sets of permissions that can be assigned to an identity.
- example:
Return role definitions that explicitly grant permission to read authorization objects (role assignments, role definitions, etc.). Role definitions that only inherit this permission (e.g. by having * permissions) are not returned by this filter.
policies:
  - name: role-definition-permissions
    resource: azure.roledefinition
    filters:
      - type: value
        key: properties.permissions[0].actions
        value: Microsoft.Authorization/*/read
        op: contains
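
The policy above matches only the literal action string in the first permissions entry. As an added example (not part of Cloud Custodian or its documentation), the Python check below evaluates role definitions for effective read access to authorization objects, covering wildcard actions, notActions and every permissions entry. The sample roles are constructed, the helper names are hypothetical, and subtracting notActions within each permissions entry is an assumption about how Azure RBAC evaluates a role.

```python
import re

# Concrete Azure RBAC operations used to probe each role definition.
PROBES = (
    "Microsoft.Authorization/roleAssignments/read",
    "Microsoft.Authorization/roleDefinitions/read",
)

def _matches(pattern, operation):
    """Match an action pattern: '*' is a wildcard, comparison is case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def allows(role, operation):
    """True if any permissions entry grants the operation (actions minus notActions)."""
    for perm in role.get("properties", {}).get("permissions") or []:
        granted = any(_matches(a, operation) for a in perm.get("actions") or [])
        # Assumption: notActions subtract only within their own permissions entry.
        denied = any(_matches(n, operation) for n in perm.get("notActions") or [])
        if granted and not denied:
            return True
    return False

def can_read_authorization(roles):
    """Names of roles that effectively allow at least one probe operation."""
    return [r["properties"]["roleName"] for r in roles
            if any(allows(r, op) for op in PROBES)]

# Constructed sample role definitions (not real exported data).
SAMPLE_ROLES = [
    {"properties": {"roleName": "explicit-reader", "permissions": [
        {"actions": ["Microsoft.Authorization/*/read"], "notActions": []}]}},
    {"properties": {"roleName": "wildcard-owner", "permissions": [
        {"actions": ["*"], "notActions": []}]}},
    {"properties": {"roleName": "second-block", "permissions": [
        {"actions": ["Microsoft.Storage/*/read"], "notActions": []},
        {"actions": ["Microsoft.Authorization/roleAssignments/read"]}]}},
    {"properties": {"roleName": "excluded", "permissions": [
        {"actions": ["*"], "notActions": ["Microsoft.Authorization/*"]}]}},
    {"properties": {"roleName": "storage-only", "permissions": [
        {"actions": ["Microsoft.Storage/*/read"], "notActions": []}]}},
]

if __name__ == "__main__":
    print(can_read_authorization(SAMPLE_ROLES))
```

Of the sample roles, only explicit-reader carries the literal string the policy's value filter looks for in permissions[0].actions; wildcard-owner and second-block are the cases that filter does not return.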