Secure Score - Custom RBAC

%3CLINGO-SUB%20id%3D%22lingo-sub-1592804%22%20slang%3D%22en-US%22%3ESecure%20Score%20-%20Custom%20RBAC%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1592804%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20it%20possible%20to%20create%20a%20custom%20RBAC%20role%20which%20only%20allows%20a%20user%20to%20work%20with%20Secure%20Score%20data%20(e.g%20view%2Fexport%20data%20and%20add%2Fedit%20status%20updates%2Fnotes)%3F%20I%20want%20the%20user%20to%20perform%20these%20tasks%20but%20don't%20want%20them%20to%20have%20security-related%20permissions%20outside%20Secure%20Score.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESecurity%20Operator%20allows%20read%2Fexport%20but%20doesn't%20allow%20status%2Fnotes%20updates.%20Security%20Admin%20allows%20the%20latter%20but%20provides%20a%20raft%20of%20additional%20permissions%20which%20is%20undesirable.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20not%20been%20able%20to%20find%20any%20documentation%20about%20creating%20custom%20RBAC%20roles%20for%20use%20with%20Secure%20Score.%20Does%20anyone%20know%20if%20this%20is%20possible%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1593530%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Score%20-%20Custom%20RBAC%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1593530%22%20slang%3D%22en-US%22%3E%3CP%3EAfaik%20no%2C%20you%20need%20to%20select%20one%20of%20the%20predefined%20roles%20that%20allows%20%22write%22%20access%20to%20Secure%20score.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1595822%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Score%20-%20Custom%20RBAC%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1595822%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3BI%20suspected%20as%20much.%20Far%20from%20ideal.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi,

 

Is it possible to create a custom RBAC role which only allows a user to work with Secure Score data (e.g view/export data and add/edit status updates/notes)? I want the user to perform these tasks but don't want them to have security-related permissions outside Secure Score.

 

Security Operator allows read/export but doesn't allow status/notes updates. Security Admin allows the latter but provides a raft of additional permissions which is undesirable.

 

I've not been able to find any documentation about creating custom RBAC roles for use with Secure Score. Does anyone know if this is possible?

 

Thanks.

2 Replies

Afaik no, you need to select one of the predefined roles that allows "write" access to Secure score.

@Vasil Michev I suspected as much. Far from ideal.