modules/Azure/Checks/Test-IamCustomRoleHasPermissionsToAdministerResourceLocks.ps1
|
function Test-IamCustomRoleHasPermissionsToAdministerResourceLocks { <# .SYNOPSIS Custom role has permission to administer resource locks .DESCRIPTION **Azure custom RBAC roles** include the `Microsoft.Authorization/locks/*` action, indicating permission to administer **management locks** at subscription, resource group, or resource scope. .PARAMETER Check CIEMCheck object containing check metadata. #> [CmdletBinding()] [OutputType([PSCustomObject[]])] param( [Parameter(Mandatory)] $Check ) $ErrorActionPreference = 'Stop' # TODO: Implement check logic based on Prowler check: iam_custom_role_has_permissions_to_administer_resource_locks [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check iam_custom_role_has_permissions_to_administer_resource_locks for reference.', 'N/A', 'iam Resources') } |