modules/Devolutions.CIEM.Graph/Data/attack_path_remediation_scripts/service-principal-holding-owner-role-on-a-subscription.ps1
|
<# .SYNOPSIS Remediates the attack path finding "{{PATTERN_NAME}}". .DESCRIPTION This generated remediation script targets the specific attack path chain below: {{PATH_CHAIN}} It removes Azure RBAC role assignments that grant Owner-level subscription access to a service principal. The commands are generated from the role assignment edges in the finding and execute with the Azure REST API under the selected CIEM authentication profile context. Review the service principal and role scope before running the script, then rerun Azure discovery to confirm the attack path is gone. #> {{ROLE_ASSIGNMENT_DELETE_COMMANDS}} |