Query: Audit usage of custom RBAC roles

Description

Audit built-in roles such as 'Owner, Contributor, Reader' instead of custom RBAC roles, which are error prone. Using custom roles is treated as an exception and requires a rigorous review and threat modeling.

Query

Tables used in this query:

• azure_role_definition
• azure_subscription

Controls using this query:

• Audit usage of custom RBAC roles

SQL