我正在创建一个策略,以检查Azure存储帐户中的Blob容器访问级别是否设置为“匿名”。
这是我创建的策略。
{
"properties": {
"displayName": "check if Blob container access level is set to Anonymous",
"description": "check the container access level",
"mode": "all",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts/blobServices/containers"
},
{
"not": {
"field": "Microsoft.Storage/storageAccounts/containers/publicAccess",
"equals": "False"
}
}
]
},
"then": {
"effect": "Audit"
}
}
}
}
它无法检测到容器访问级别。
答案 0 :(得分:0)
正如issue所说,存储团队将在2020年6月30日之前释放存储帐户的公共访问权限设置。客户可以使用它来控制存储帐户中所有容器的公共访问权限。
After it's released on storage, we will work with Azure Policy team to integrate the setting with Azure Policy so customers can us Azure Policy to audit and govern public access across storage accounts.
我们竭尽所能,尽早提供上述功能。