governance_rules
Creates, updates, deletes, gets or lists a governance_rules resource.
Overview
Name | governance_rules |
Type | Resource |
Id | azure.security.governance_rules |
Fields
vw_governance_rules:

Name | Datatype | Description |
---|---|---|
id | text | Resource Id |
name | text | Resource name |
description | text | field from the properties object |
condition_sets | text | field from the properties object |
display_name | text | field from the properties object |
excluded_scopes | text | field from the properties object |
governance_email_notification | text | field from the properties object |
include_member_scopes | text | field from the properties object |
is_disabled | text | field from the properties object |
is_grace_period | text | field from the properties object |
metadata | text | field from the properties object |
owner_source | text | field from the properties object |
remediation_timeframe | text | field from the properties object |
ruleId | text | field from the properties object |
rule_priority | text | field from the properties object |
rule_type | text | field from the properties object |
scope | text | field from the properties object |
source_resource_type | text | field from the properties object |
tenant_id | text | field from the properties object |
type | text | Resource type |

governance_rules:

Name | Datatype | Description |
---|---|---|
id | string | Resource Id |
name | string | Resource name |
properties | object | Describes properties of a governance rule |
type | string | Resource type |
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
get | SELECT | ruleId, scope | Get a specific governance rule for the requested scope by ruleId |
list | SELECT | scope | Get a list of all relevant governance rules over a scope |
create_or_update | INSERT | ruleId, scope | Creates or updates a governance rule over a given scope |
delete | DELETE | ruleId, scope | Delete a governance rule over a given scope |
execute | EXEC | ruleId, scope | Execute a governance rule |
operation_results | EXEC | operationId, ruleId, scope | Get the long-running operation result of a governance rule for the requested scope by ruleId and operationId |
SELECT examples

Get a list of all relevant governance rules over a scope

vw_governance_rules:

```sql
SELECT
  id,
  name,
  description,
  condition_sets,
  display_name,
  excluded_scopes,
  governance_email_notification,
  include_member_scopes,
  is_disabled,
  is_grace_period,
  metadata,
  owner_source,
  remediation_timeframe,
  ruleId,
  rule_priority,
  rule_type,
  scope,
  source_resource_type,
  tenant_id,
  type
FROM azure.security.vw_governance_rules
WHERE scope = '{{ scope }}';
```

governance_rules:

```sql
SELECT
  id,
  name,
  properties,
  type
FROM azure.security.governance_rules
WHERE scope = '{{ scope }}';
```
INSERT example

Use the following StackQL query and manifest file to create a new governance_rules resource.

All Properties:

```sql
/*+ create */
INSERT INTO azure.security.governance_rules (
  ruleId,
  scope,
  properties
)
SELECT
  '{{ ruleId }}',
  '{{ scope }}',
  '{{ properties }}'
;
```

Manifest:

```yaml
- name: your_resource_model_name
  props:
    - name: properties
      value:
        - name: tenantId
          value: string
        - name: displayName
          value: string
        - name: description
          value: string
        - name: remediationTimeframe
          value: string
        - name: isGracePeriod
          value: boolean
        - name: rulePriority
          value: integer
        - name: isDisabled
          value: boolean
        - name: ruleType
          value: string
        - name: sourceResourceType
          value: string
        - name: excludedScopes
          value:
            - string
        - name: conditionSets
          value:
            - []
        - name: includeMemberScopes
          value: boolean
        - name: ownerSource
          value:
            - name: type
              value: string
            - name: value
              value: string
        - name: governanceEmailNotification
          value:
            - name: disableManagerEmailNotification
              value: boolean
            - name: disableOwnerEmailNotification
              value: boolean
        - name: metadata
          value:
            - name: createdBy
              value: string
            - name: createdOn
              value: string
            - name: updatedBy
              value: string
            - name: updatedOn
              value: string
    - name: id
      value: string
    - name: name
      value: string
    - name: type
      value: string
```
DELETE example

Deletes the specified governance_rules resource.

```sql
/*+ delete */
DELETE FROM azure.security.governance_rules
WHERE ruleId = '{{ ruleId }}'
AND scope = '{{ scope }}';
```