https://www.permit.io/blog/best-practices-for-authorization-in-python
#abac #access #anti #application #authorization #control #discover #implementation #pattern #permit #practice #python #rbac
👮 Learn how to easily find a fitting Azure RBAC role for your task and follow the Least Privilege Principle in this post.
https://christoph.vollmann.co/2023/07/find-azure-rbac-roles-with-specific-permissions/
Cybercriminals are competing to take over Kubernetes clusters to mine cryptocurrency
#Specialists at the #security company Aqua have discovered a large-scale campaign in which attackers use the #Kubernetes Role Based Access Control (#RBAC) policy to create #backdoors and run #cryptocurrency #miners.
The attackers also deployed DaemonSets to steal resources from the targeted Kubernetes clusters, the #experts say. 60 unprotected clusters used by the hackers were found.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
#specialisti #sicurezza #kubernetes #rbac #backdoor #miner #criptovaluta #esperti #redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #CyberSecurityAwareness #cybersecuritytraining #CyberSecurityNews #privacy #infosecurity
✍️ As blog subjects go, security is not always an exciting one 😴. But I enjoyed writing this for the excuse that it gave me to see how **#lakeFS** worked for different types of users (and of course play around with **#DuckDB** some more 🦆)
Check it out and let me know what you think: 👇🏻
https://lakefs.io/blog/security-in-lakefs-understanding-role-based-access-control-rbac/
**#DataEngineering** **#lakeFS** **#DuckDB** **#RBAC** **#Security**
#lakefs #duckdb #dataengineering #rbac #security
Lost in the Kubernetes RBAC maze? 🤔 An RBAC visualizer can light the way! 🌟 Gain clarity on user privileges, declutter roles, and boost your cluster's security game! 🔐 #Kubernetes #RBAC #SecurityManagement https://cybersec.armosec.io/s/visualizing-rbac-for-improved-security-management-and-outcomes-7702
#kubernetes #rbac #securitymanagement
@jrefior RBAC is easier for most organisations yet there's quickly the risk of role combinatorial explosion and then it falls short.
ABAC is interesting when data quality is *really* understood as a key prerequisite and actually correctly measured and enforced.
Today we posted a blog about #holacracy and #IAM / #RBAC. There are some challenges in managing authorizations in non-hierarchical environments. We are working on solving some of these issues, but we're not done yet. Anyway, enjoy the read!
https://www.sonicbee.nl/en/working-holocratic-and-iam-that-doesnt-work-together-does-it/
#idpro #digitalidentity #infosec
#holacracy #IAM #rbac #IDPro #digitalidentity #infosec
Today we posted a blog about #holacracy and #IAM / #RBAC. There are some challenges in managing authorizations in non-hierarchical environments. We are working on solving some of these issues, but we're not done yet. Anyway, enjoy the read!
https://www.sonicbee.nl/en/working-holocratic-and-iam-that-doesnt-work-together-does-it/
#idpro #digitalidentity
#holacracy #IAM #rbac #IDPro #digitalidentity
Mitigating #RBAC-Based Privilege Escalation in Popular #Kubernetes Platforms
Via
https://unit42.paloaltonetworks.com/kubernetes-privilege-escalation/
With the new #Microsoft365 #Defender #RBAC model you can unify permissions across all Microsoft 365 Defenders - Defender for Office 365, Defender for Identity, and Defender for Endpoint to help the Security Operations Center (SOC) increase productivity across the various Microsoft Defender products. While Defender for Cloud Apps is not covered in this initial preview, it will be added to the new RBAC model in the future.
And, of course, it works alongside the existing RBAC for individual services. #microsoft #security #cloud #securitynews https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/centrally-manage-permissions-with-the-microsoft-365-defender/ba-p/3707825
#microsoft365 #defender #rbac #microsoft #security #cloud #securitynews
#Teammates past and present confirmed the solution to my #rbac #racecondition woes. Got it implemented, got the #operator installed in the #kubernetes cluster, and got that first line-of-business #workload deployed via its pipeline, without any modifications from developers.
Tomorrow we try to get the other 80+ workloads deployed into that cluster. Automator gonna #automate.
But for now, there is #soup. Tasty, comforting soup on a chilly day.
#soup #automate #workload #kubernetes #operator #racecondition #rbac #teammates
You know something is #hinky when the #operator you installed in the #kubernetes cluster to make #rbac easier is in a #racecondition against fairly ordinary #kustomize stacks that manage service accounts in namespaces where business workloads will actually run. Because arbitrarily changing service account tokens is exactly what I want to #debug on my first day back from a long break. 🙃 It’s important work for the cluster, but it doesn’t feel like progress.
#debug #kustomize #racecondition #rbac #kubernetes #operator #hinky
I wrote an article for the #IDPro Body of Knowledge about the concept of Business to IT alignment. In my opinion failing alignment is the root cause for the lack of success for most IAM programs. Direct access to the article on the SonicBee website:
https://www.sonicbee.nl/en/strategic-alignment-and-access-governance/
Direct access to the IDPro BoK: https://idpro.org/body-of-knowledge/
And to become a member of the community: https://idpro.org/membership-overview/
#IDPro #infosec #rbac #governance
Or I could just ask the #vendor a simple question, get a brief answer that amounts to “not yet,” and #workaround that whole mess to get what I want. Which required a detour through #kubernetes #scheduler appeasement and a battle with extra special #rbac. But at least I have a #pullrequest that sums it all up.
#pullrequest #rbac #scheduler #kubernetes #workaround #vendor
Ugh, clusterroles which just give blanket permissions to all resources in all namespaces are the new blinkinlights permissions 😠 So many upstream devs just take the easy road and take all permissions even when their app does not need it.
Public Preview of Role Based Access Control for Applications in #Exchange Online
Limit graph permissions to a specific scope of users in your tenant.