Add parameters to pull all RBAC roles to Run-SubscriptionScan and Sca… #17
…n-AzureAdmins. Add Assignment to Azure Privileged Entity Results to identify where the Privilege is coming from
Desired Outcome
Allow for scanning of all RBAC roles in an Azure subscription and easy identification of the group through which a user is receiving the assignment.
Implemented Changes
Describe how the desired outcome above has been achieved with this PR. In
particular, consider:
What's changed?
Run-SubscriptionScan changed to include an -AllRoles parameter to scan all roles.
This parameter is supported by logic at lines 559 - 565 that grabs all roles. The original logic is now in the else case below.
Scan-AzureAdmins: -AllAzureRBACRoles parameter added to surface the new functionality.
Add-PrivilegeAzureEntity: added -PrivilegeGroup and -GroupPrivilege. PrivilegeGroup refers to the group that has the privilege that the user is receiving, and GroupPrivilege is a switch that exists to tell the cmdlet what to fill in the new Assignment field.
Run-SubscriptionScan has been updated so that it uses Add-AzurePrivilegedEntity for groups in the do while loop that processes groups.
Why were these changes made? To make this script more useful for auditing permissions and resolving.
How should the reviewer approach this PR, especially if manual tests are required?
Scan-AzureAdmins -ScanAllAzureRBACRoles to expose all roles
Are there relevant screenshots you can add to the PR description?
Connected Issue/Story
Resolves #[relevant GitHub issue(s), e.g. 76]
CyberArk internal issue link: insert issue ID
Definition of Done
At least 1 todo must be completed in the sections below for the PR to be
merged.
Changelog
CHANGELOG update
Test coverage
changes, or
Documentation
README
s) were updated in this PR
Behavior
Security
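
The attribution this PR describes, recording in an Assignment field which group a user's role comes from, shown as an added example that is not the project's code. The function names, object shapes and sample identifiers are hypothetical, and the data is constructed in memory instead of being read from Azure.

```powershell
# Constructed sample data; a real audit would read these from the subscription.
$roleAssignments = @(
    [pscustomobject]@{ PrincipalId = 'u-alice';  PrincipalType = 'User';  Role = 'Owner';       Scope = '/subscriptions/sub-0001' }
    [pscustomobject]@{ PrincipalId = 'g-netops'; PrincipalType = 'Group'; Role = 'Contributor'; Scope = '/subscriptions/sub-0001' }
    [pscustomobject]@{ PrincipalId = 'g-audit';  PrincipalType = 'Group'; Role = 'Reader';      Scope = '/subscriptions/sub-0001' }
)
# Group id -> member ids. Assumption: any id that appears as a key is a group.
$groupMembers = @{
    'g-netops' = @('u-bob', 'g-oncall')    # nested group
    'g-oncall' = @('u-carol', 'g-netops')  # constructed cycle to exercise the visited check
    'g-audit'  = @('u-alice')
}

function Expand-GroupMember {
    param([string]$GroupId, [hashtable]$Members,
          [System.Collections.Generic.HashSet[string]]$Visited)
    if (-not $Visited.Add($GroupId)) { return }   # already expanded: stop on cycles
    foreach ($m in $Members[$GroupId]) {
        if ($Members.ContainsKey($m)) {
            Expand-GroupMember -GroupId $m -Members $Members -Visited $Visited
        } else { $m }                             # leaf: a user id
    }
}

function Get-EffectiveRoleAssignment {
    param([object[]]$Assignments, [hashtable]$Members)
    foreach ($a in $Assignments) {
        if ($a.PrincipalType -eq 'Group') {
            $visited = [System.Collections.Generic.HashSet[string]]::new()
            $users = Expand-GroupMember -GroupId $a.PrincipalId -Members $Members -Visited $visited |
                Sort-Object -Unique
            foreach ($user in $users) {
                # Assignment names the group that holds the role, even for nested members.
                [pscustomobject]@{ User = $user; Role = $a.Role; Scope = $a.Scope
                                   Assignment = "Group: $($a.PrincipalId)" }
            }
        } else {
            [pscustomobject]@{ User = $a.PrincipalId; Role = $a.Role; Scope = $a.Scope
                               Assignment = 'Direct' }
        }
    }
}

Get-EffectiveRoleAssignment -Assignments $roleAssignments -Members $groupMembers |
    Sort-Object User, Role | Format-Table -AutoSize
```

With the sample data, u-alice appears twice (Owner directly, Reader through g-audit), and u-carol's Contributor role is attributed to g-netops because that is the group holding the assignment.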