Azure Policy built-in definitions for Azure RBAC

This page is an index of Azure Policy built-in policy definitions for Azure RBAC. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.

The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.

Azure RBAC

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Audit usage of custom RBAC rules | Audit built-in roles such as 'Owner, Contributor, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling. | Audit, Disabled | 1.0.0 |
| Custom subscription owner roles should not exist | This policy ensures that no custom subscription owner roles exist. | Audit, Disabled | 2.0.0 |

Next steps