Role Assignment Of Guest Users

  • Query id: 2bc626a8-0751-446f-975d-8139214fc790
  • Query name: Role Assignment Of Guest Users
  • Platform: Terraform
  • Severity: High
  • Category: Access Control
  • URL: Github

Description

A role assignment grants the "Guest" role: an azurerm_role_assignment resource sets role_definition_name to "Guest".

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "azurerm_role_assignment" "positive1" {
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Guest"
  principal_id         = data.azurerm_client_config.example.object_id
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "azurerm_role_assignment" "negative1" {
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Reader"
  principal_id         = data.azurerm_client_config.example.object_id
}
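
The same condition checked before apply, as an added example that is not this query's own implementation or code from this page: it reads the JSON plan produced by `terraform show -json` and reports every azurerm_role_assignment whose planned role_definition_name is "Guest". The sample plan, its placeholder IDs, the third (destroyed) resource and the function name find_guest_role_assignments are constructed for illustration.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan holding the page's
# two role assignments plus one being destroyed. All IDs are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
PRINCIPAL = "11111111-1111-1111-1111-111111111111"

def _change(name, role, action):
    after = None if action == "delete" else {
        "scope": SUB, "role_definition_name": role, "principal_id": PRINCIPAL}
    return {"address": f"azurerm_role_assignment.{name}",
            "type": "azurerm_role_assignment",
            "change": {"actions": [action], "after": after}}

SAMPLE_PLAN = json.dumps({"resource_changes": [
    _change("positive1", "Guest", "create"),
    _change("negative1", "Reader", "create"),
    _change("old_guest", "Guest", "delete"),  # being removed, so not a finding
]})

FLAGGED_ROLE = "Guest"  # the value used in the page's positive test


def find_guest_role_assignments(plan_json):
    """Return one finding per role assignment that will exist with the Guest role."""
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_role_assignment":
            continue
        # "after" is null when the resource is destroyed by this plan.
        after = (rc.get("change") or {}).get("after")
        if not after:
            continue
        if after.get("role_definition_name") == FLAGGED_ROLE:
            findings.append({
                "address": rc["address"],
                "scope": after.get("scope"),
                "principal_id": after.get("principal_id"),
            })
    return findings


if __name__ == "__main__":
    for f in find_guest_role_assignments(SAMPLE_PLAN):
        print(f"{f['address']}: Guest role on {f['scope']} for {f['principal_id']}")
```

Because the plan carries resolved values, this also catches a "Guest" role name supplied through a variable or a module, which a text match on the .tf file would miss.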