turbot/azure_compliance

Query: iam_global_administrator_max_5

Usage

powerpipe query azure_compliance.query.iam_global_administrator_max_5

SQL

with distinct_tenant as (
select
distinct tenant_id,
title,
subscription_id,
_ctx
from
azure_tenant
)
select
t.tenant_id as resource,
case
when jsonb_array_length(member_ids) <= 5 then 'ok'
else 'alarm'
end as status,
t.title || ' has ' || (jsonb_array_length(member_ids)) || ' users with global administrator assignment.' as reason,
t.tenant_id
from
distinct_tenant as t,
azuread_directory_role
where
display_name = 'Global Administrator'

Controls

The query is being used by the following controls: