turbot/microsoft365_compliance

Query: azuread_authorization_policy_accessing_company_data_not_allowed

Usage

powerpipe query microsoft365_compliance.query.azuread_authorization_policy_accessing_company_data_not_allowed

SQL

select
  tenant_id || '/' || id as resource,
  -- 'ok' only when the default user role has an empty permissionGrantPoliciesAssigned array.
  case
    when jsonb_array_length(
      default_user_role_permissions -> 'permissionGrantPoliciesAssigned'
    ) = 0 then 'ok'
    else 'alarm'
  end as status,
  -- Reason text uses the first sentence of the policy description, lowercased.
  case
    when jsonb_array_length(
      default_user_role_permissions -> 'permissionGrantPoliciesAssigned'
    ) = 0 then tenant_id || ' which is ' || lower(split_part(description, '.', 1)) || ' does not have Permission Grant Policies assigned.'
    else tenant_id || ' which is ' || lower(split_part(description, '.', 1)) || ' have Permission Grant Policies assigned.'
  end as reason,
  tenant_id as tenant_id
from
  azuread_authorization_policy;

Controls

The query is being used by the following controls: