Aqua CSPM

Table Service All Access ACL

Quick Info

Plugin TitleTable Service All Access ACL
CloudAZURE
CategoryTable Service
DescriptionEnsures tables do not allow full write, delete, or read ACL permissions
More InfoTable Service tables can be configured to allow to read, write or delete on objects. This option should not be configured unless there is a strong business requirement.
AZURE Linkhttps://docs.microsoft.com/en-us/azure/storage/tables/table-storage-quickstart-portal
Recommended ActionDisable global read, write, and delete policies on all tables and ensure the ACL is configured with least privileges.

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the “Search resources, services, and docs” option at the top and search for Storage account.
  3. Select the “Storage account” by clicking on the “Name” link to access the configuration changes.
  4. Click on the “Overveiw” in the selected “Storage account” and scroll down the right side of the settings and click on the “Tables” option.
  5. Select the “Table” by clicking on three dot options at the right corner to access the “Access policy.”
  6. In the selected “Table”,check the “Permissions” assosciated with the “Table”. If the “Table” allow full write, delete, or read ACL permissions then the selected “Table” is not as per the standard configurations.
  7. Repeat steps number 2 - 6 to verify other “Table” in the Azure account.
  8. Navigate to the “Storage accounts”, select the “Storage account” and click on the “Name”, select the “Overview” options and select the “Table” by clicking on the dots and click on the “Access policy” to access the configurations.
  9. On the “Table” configuration select the “Edit” option to make the changes.
  10. Uncheck the global read/write/detele policies under the “Permissions” and click on the “OK” button to make the changes.
  11. Repeat steps number 8 - 10 to ensures “Tables” do not allow full write, delete, or read ACL permissions.