What are Assignments?
  • 03 Oct 2022
  • 1 Minute to read
  • Contributors
  • Dark
    Light
  • PDF

What are Assignments?

  • Dark
    Light
  • PDF

Introduction

Policies in Serverless360 allows users to manage policy and initiative assignments, it also facilitates generating documents regarding the assignment compliance.

Assignment

An assignment is a policy definition or initiative that is assigned to a specific scope. The scope refers to all the resources, resource groups, subscriptions, or management groups. Assignments are inherited by all child resources which means that a definition applied to a resource group is also applied to resources in that resource group.

Policy assignments always use the latest state of their assigned definition or initiative when evaluating resources. If a policy definition that is already assigned is changed all existing assignments of that definition will use the updated logic when evaluating.

It takes around 30 minutes for the assignment to be applied to the defined scope. Once it's applied, the evaluation cycle begins for resources within that scope against the newly assigned policy or initiative and, depending on the effects used by the policy or initiative, resources are marked as compliant, non-compliant, or exempt.

Permissions required

The Resource Policy Contributor role includes most of the Azure Policy operations. The Contributor role can't create or update assignments. The User Access Administrator role is necessary to grant the managed identity on deployIfNotExists or modify assignments necessary permissions. If none of the built-in roles have the permissions required, create a custom role.

Assignment.png

Note: The assignments, will be readable to all roles over its scope.


Was this article helpful?