Why can't security administrator see resources in a subscription?
I have Security administrator role on a subscription. Now, what I want to see is the resources available in the subscription to know the attack surface, but when I go to the resources tab, I see nothing Or if I check the VMs tab I cannot see any VM (even though they're available). Similarly, on the defender plans page, it shows all the resources as 0 whereas that's not the case.
Why being a security admin I cant see this data? Doesn't it come under my scope? If not, then what additional role I need to see this data. Obviously, I can't ask for Contributor consider the least privilege principle
I tried accessing resource details but couldn't. I was expecting to have access to this data as a security admin.
Note that: Security Administrator role will be able to read security information and reports and manage configuration in Microsoft Entra ID and Office 365 but not to view Azure resources. Check this MsDoc.
- The Security Administrator role does not provide access to view all resources in the subscription.
Hence assign Reader role to the user at subscription scope or resource group scope based on your requirement:
Now I am able to view the resources:
If you want to manage resources, then you have to assign contributor/owner role to the user.
Reference:
- KeyCloak Java Service Account Create User
- Windows Property Pages: Domain Path Not Shown on Security Tab
- How do I keep a log of all user requests for a specific route properly?
- Session Fixation in ASP.NET
- How to give non-root user in Docker container access to a volume mounted on the host
- Are HTTP cookies port specific?
- What security problems could come from exposing phpinfo() to end users?
- This document requires 'TrustedScriptURL' assignment
- Is there an equivalent to yaml.safe_load in Ruby?
- How to stop fiddler to see HTTPS data between my iOS app and server
- Content Security Policy report-uri is not being recognized
- Customize android app preview when it is in background with secure flag
- The app's Info.plist must contain an NSMicrophoneUsageDescription key with a string value explaining to the user how the app uses this data
- Preventing session hijacking
- Disable TLS 1.0 & 1.1 OR only use TLS 1.2 and greater in Node.js Express
- Is passing application configuration in stdin a secure alternative to environment variables?
- CORS - localhost as allowed origin in production
- How to resolve eslint errors due to use of the html() method in jquery libraries when running security scans with Github advanced security?
- Attacking Python's pickle
- RSA Signature performance
- How to set environment variables in a Google Cloud VM (Ubuntu) for Django project without exposing sensitive information?
- How to prevent terraform developers from viewing secrets with the nonsensitive function
- why ghc does not support PIE and Full RelRO in linux?
- Implications of deploying a Debug build of an application?
- Looking for a safe, portable password-storage method
- NoSQL Database for Banking System
- Algid parse error, not a sequence
- Addressing critical vulnerabilities in Maven dependencies
- Vulnerability in ASP.NET Core 6.0 Web API when the library is not directly installed?
- Mitigating vulnerability in runtime libraries