Checks/Azure/Test-AppFunctionIdentityWithoutAdminPrivileges.ps1
|
function Test-AppFunctionIdentityWithoutAdminPrivileges { <# .SYNOPSIS Function app managed identity is not assigned Owner, Contributor, User Access Administrator, or Role Based Access Control Administrator roles .DESCRIPTION **Azure Function apps** with managed identities are evaluated for assignments to broad **administrative roles**: **Owner**, **Contributor**, **User Access Administrator**, **RBAC Administrator**. The finding highlights functions whose identity carries elevated permissions beyond normal runtime needs. .PARAMETER Check CIEMCheck object containing check metadata. #> [CmdletBinding()] [OutputType([PSCustomObject[]])] param( [Parameter(Mandatory)] [CIEMCheck]$Check ) $ErrorActionPreference = 'Stop' # TODO: Implement check logic based on Prowler check: app_function_identity_without_admin_privileges [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check app_function_identity_without_admin_privileges for reference.', 'N/A', 'app Resources') } |