User has admin level privileges at the subscription scope

Docs > Plateforme de sécurité Datadog > OOTB Rules > User has admin level privileges at the subscription scope

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

This rule identifies when an Azure user has administrative-level permissions at the subscription scope.

Rationale

Administrative Azure role assignments at the subscription scope grant extensive privileges that can affect all resources within the subscription. This broad access increases the risk of accidental or malicious changes.

Remediation

Datadog recommends reducing the permissions and scope of a role assignment to the minimum necessary. Where possible, assign roles at the resource-group or individual-resource level and use built-in roles with limited privileges tailored to operational requirements.