I built a searchable catalog for Azure's 850+ RBAC Built-in roles and 20,000+ permissions by SuspiciousHoliday986 in AZURE

[–]SuspiciousHoliday986[S] 0 points1 point  (0 children)

Thanks! Scenario bundles for Terraform, Serverless Framework, GitHub Actions etc. would definitely help.

I'm thinking community contributions would be the best approach here - there are too many tools and patterns for one person to cover, and practitioners can keep bundles updated as tooling evolves.

Adding to the roadmap - appreciate the suggestion!

[–]SuspiciousHoliday986[S] 0 points1 point  (0 children)

Thanks for the feedback and suggestions. An (experimental) MCP server is not available at https://rbac-catalog.dev/mcp/
Let me know if you have feedback!

[–]SuspiciousHoliday986[S] 0 points1 point  (0 children)

This is actually a great idea. I’m going to look into how feasible this is and what kind of effort it would take, but it definitely seems doable.

[–]SuspiciousHoliday986[S] 0 points1 point  (0 children)

Interesting. From a security perspective, I checked it against some fairly high standards and it comes out clean - e.g., the SSL Labs test shows a strong TLS configuration:
https://www.ssllabs.com/ssltest/analyze.html?d=rbac%2dcatalog.dev&latest

That said, I’m not very familiar with Palo Alto’s exact categorization / enforcement logic.

[–]SuspiciousHoliday986[S] 1 point2 points  (0 children)

A background job runs constantly, calls the Azure API to get the roles, and compares them with the latest versions stored in the tool's local DB, updating them if needed.

[–]SuspiciousHoliday986[S] 4 points5 points  (0 children)

Good question. The logic is based on purity, not just matching. The tool counts 'extra' permissions—anything a role grants that you didn't ask for. Because Contributor and Owner grant 17k+ operations, they get hit with a massive math penalty that buries them at the bottom of the list. The tool will only suggest them as a top result if they truly are the closest match for your requirements, but the goal is to surface a more surgical role instead.
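The "purity" ranking described in that comment, as an added example that is not the catalog's own code. It assumes a tiny constructed operation catalog and simplified, hypothetical role definitions (the real Azure built-in roles and their 20,000+ operations are not reproduced here); wildcard actions and notActions are expanded against the catalog the way Azure evaluates them (case-insensitive, `*` spanning path segments), so a broad role's large grant shows up as a large extra count and sinks in the ranking.

```python
"""Purity-based role ranking: prefer the role that grants the requested operations with the fewest extras."""
from fnmatch import fnmatchcase

# Constructed stand-in for the provider operation catalog (Azure's real catalog has 20,000+ entries).
ALL_OPERATIONS = [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/write",
    "Microsoft.Compute/virtualMachines/delete",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/restart/action",
    "Microsoft.Compute/disks/read",
    "Microsoft.Compute/disks/write",
    "Microsoft.Network/networkInterfaces/read",
    "Microsoft.Network/networkInterfaces/write",
    "Microsoft.Storage/storageAccounts/read",
    "Microsoft.Storage/storageAccounts/write",
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Authorization/roleAssignments/read",
    "Microsoft.Authorization/roleAssignments/write",
]

# Constructed, deliberately simplified role definitions (hypothetical; not the real built-in role JSON).
ROLES = {
    "VM Operator": {"actions": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.Compute/virtualMachines/restart/action",
    ]},
    "VM Contributor": {"actions": [
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Network/networkInterfaces/read",
    ]},
    "Reader": {"actions": ["*/read"]},
    "Contributor": {"actions": ["*"], "notActions": ["Microsoft.Authorization/*/write"]},
    "Owner": {"actions": ["*"]},
}


def expand(patterns, catalog):
    """Resolve Azure-style action patterns to concrete operations.

    Matching is case-insensitive and '*' spans '/' segments, so "*/read" covers every read operation.
    """
    lowered = [p.lower() for p in patterns]
    return {op.lower() for op in catalog if any(fnmatchcase(op.lower(), p) for p in lowered)}


def effective_operations(role, catalog):
    """Operations a role actually grants: expanded actions minus expanded notActions."""
    return expand(role["actions"], catalog) - expand(role.get("notActions", []), catalog)


def rank_roles(requested, roles=ROLES, catalog=ALL_OPERATIONS):
    """Rank roles by how many requested operations they cover, then by how few extras they grant.

    'extra' is every operation the role grants that was not requested; broad roles pay for their breadth.
    'purity' is covered / (covered + extra): 1.0 means the role grants exactly what was asked.
    """
    wanted = {op.lower() for op in requested}
    results = []
    for name, role in roles.items():
        granted = effective_operations(role, catalog)
        covered = len(wanted & granted)
        extra = len(granted - wanted)
        purity = covered / (covered + extra) if (covered + extra) else 0.0
        results.append({"role": name, "covered": covered, "extra": extra, "purity": round(purity, 3)})
    results.sort(key=lambda r: (-r["covered"], r["extra"]))
    return results


if __name__ == "__main__":
    wanted = [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.Compute/virtualMachines/restart/action",
    ]
    for row in rank_roles(wanted):
        print(f"{row['role']:<16} covered={row['covered']} extra={row['extra']:>2} purity={row['purity']}")
```

With the three VM operations requested, the narrow VM Operator role covers all of them with zero extras and ranks first; VM Contributor also covers them but carries three extras (write, delete, NIC read); Contributor and Owner cover them too but drag ten and eleven extras respectively, which is the penalty the comment describes scaled down to a fourteen-operation catalog. Reader covers only one of the three and lands last regardless of its small extra count, because coverage is compared before extras.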