Disabling Role-Based Access Control (RBAC) on Azure resources can reduce an organization’s ability to protect itself against access controls being compromised.

To be considered safe, access controls must follow the principle of least privilege and correctly segregate duties amongst users. RBAC helps enforce these practices by translating the organization's access control needs into explicit role-based policies: it helps keep access controls maintainable and sustainable.

Furthermore, RBAC allows operations teams to work faster during a security incident. It helps to mitigate account theft or intrusions by making it possible to revoke access quickly.

Ask Yourself Whether

There is a risk if you answered yes to any of those questions.

Recommended Secure Coding Practices

Sensitive Code Example

For AKS Azure Kubernetes Service:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.ContainerService/managedClusters",
      "apiVersion": "2023-03-01",
      "properties": {
        "aadProfile": {
          "enableAzureRBAC": false
        },
        "enableRBAC": false
      }
    }
  ]
}

For Key Vault:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2022-07-01",
      "properties": {
        "enableRbacAuthorization": false
      }
    }
  ]
}

Compliant Solution

For AKS Azure Kubernetes Service:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.ContainerService/managedClusters",
      "apiVersion": "2023-03-01",
      "properties": {
        "aadProfile": {
          "enableAzureRBAC": true
        },
        "enableRBAC": true
      }
    }
  ]
}

For Key Vault:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2022-07-01",
      "properties": {
        "enableRbacAuthorization": true
      }
    }
  ]
}
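The two template pairs above differ only in three boolean properties. As an added example (not part of this rule description or any SonarSource analyzer), the following Python script walks an ARM template and reports each AKS cluster or Key Vault whose RBAC setting is explicitly disabled, left unset, or bound to a template parameter that must be resolved before review. The sample templates and resource names (example-aks, example-kv) are constructed for the demonstration; the property paths are the ones shown in the examples above.

```python
import json
from typing import Any, Dict, Iterator, List, Tuple

# Settings to verify per resource type. ARM resource types are matched
# case-insensitively, so the keys are stored lower-cased. Each entry is a
# key path inside the resource's "properties" object.
RBAC_SETTINGS: Dict[str, List[Tuple[str, ...]]] = {
    "microsoft.containerservice/managedclusters": [
        ("enableRBAC",),
        ("aadProfile", "enableAzureRBAC"),
    ],
    "microsoft.keyvault/vaults": [
        ("enableRbacAuthorization",),
    ],
}


def iter_resources(resources: Any) -> Iterator[Dict[str, Any]]:
    """Yield every resource, descending into nested child "resources" arrays."""
    for res in resources or []:
        if isinstance(res, dict):
            yield res
            yield from iter_resources(res.get("resources"))


def _lookup(props: Dict[str, Any], path: Tuple[str, ...]) -> Tuple[bool, Any]:
    """Follow a key path through nested dicts; return (found, value)."""
    node: Any = props
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return False, None
        node = node[key]
    return True, node


def find_rbac_issues(template: Dict[str, Any]) -> List[Dict[str, str]]:
    """Return one finding per RBAC setting that is not an explicit true."""
    findings: List[Dict[str, str]] = []
    for res in iter_resources(template.get("resources")):
        rtype = str(res.get("type", ""))
        checks = RBAC_SETTINGS.get(rtype.lower())
        if not checks:
            continue
        props = res.get("properties") or {}
        name = str(res.get("name", "<unnamed>"))
        for path in checks:
            found, value = _lookup(props, path)
            if found and value is True:
                continue  # compliant
            if not found:
                issue = "not set (confirm the default for this API version)"
            elif value is False:
                issue = "disabled"
            elif isinstance(value, str) and value.startswith("["):
                # e.g. "[parameters('useRbac')]": the value is only known at deploy time
                issue = "template expression; resolve the parameter before sign-off"
            else:
                issue = f"unexpected value {value!r}"
            findings.append({"type": rtype, "name": name,
                             "setting": ".".join(path), "issue": issue})
    return findings


def scan_template_text(text: str) -> List[Dict[str, str]]:
    """Convenience wrapper for a template held as a JSON string."""
    return find_rbac_issues(json.loads(text))


# Constructed sample templates modelled on the examples above.
SENSITIVE_TEMPLATE = {"resources": [
    {"type": "Microsoft.ContainerService/managedClusters", "name": "example-aks",
     "properties": {"aadProfile": {"enableAzureRBAC": False}, "enableRBAC": False}},
    {"type": "Microsoft.KeyVault/vaults", "name": "example-kv",
     "properties": {"enableRbacAuthorization": False}},
]}

COMPLIANT_TEMPLATE = {"resources": [
    {"type": "Microsoft.ContainerService/managedClusters", "name": "example-aks",
     "properties": {"aadProfile": {"enableAzureRBAC": True}, "enableRBAC": True}},
    {"type": "Microsoft.KeyVault/vaults", "name": "example-kv",
     "properties": {"enableRbacAuthorization": True}},
]}

# Edge cases: an AKS cluster with no aadProfile at all, and a Key Vault whose
# setting is a parameter expression rather than a literal.
PARAMETERISED_TEMPLATE = {"resources": [
    {"type": "Microsoft.ContainerService/managedClusters", "name": "example-aks",
     "properties": {"enableRBAC": True}},
    {"type": "microsoft.keyvault/VAULTS", "name": "example-kv",
     "properties": {"enableRbacAuthorization": "[parameters('useRbac')]"}},
]}

if __name__ == "__main__":
    for label, tpl in [("sensitive", SENSITIVE_TEMPLATE), ("compliant", COMPLIANT_TEMPLATE),
                       ("parameterised", PARAMETERISED_TEMPLATE)]:
        print(label, json.dumps(find_rbac_issues(tpl), indent=2))
```

The sensitive template yields three "disabled" findings and the compliant one yields none. The scanner treats anything other than a literal true as worth a look: a missing property is reported rather than assumed safe, and a parameter expression is reported so that the reviewer checks the value actually passed at deployment time.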

See