Role Assignment Of Guest Users

• Query id: 2bc626a8-0751-446f-975d-8139214fc790
• Query name: Role Assignment Of Guest Users
• Platform: Terraform
• Severity: High
• Category: Access Control
• URL: Github

Description

There is a role assignment for guest user
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - tf file

resource "azurerm_role_assignment" "positive1" {
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Guest"
  principal_id         = data.azurerm_client_config.example.object_id
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "azurerm_role_assignment" "negative1" {
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Reader"
  principal_id         = data.azurerm_client_config.example.object_id
}