fix(azure): custom Prowler Role for Azure assignableScopes (#6149)

2026-01-25 02:08:11 +00:00 · 2024-12-16 08:34:17 +01:00
parent 5b0b85c0f8
commit 9d7499b74f
2 changed files with 3 additions and 1 deletions
--- a/permissions/prowler-azure-custom-role.json
+++ b/permissions/prowler-azure-custom-role.json
@@ -3,7 +3,7 @@
    "roleName": "ProwlerRole",
    "description": "Role used for checks that require read-only access to Azure resources and are not covered by the Reader role.",
    "assignableScopes": [
-      "/"
+      "/{'subscriptions', 'providers/Microsoft.Management/managementGroups'}/{Your Subscription or Management Group ID}"
    ],
    "permissions": [
      {