Plugin Title | Queue Service All Access ACL |
Cloud | AZURE |
Category | Queue Service |
Description | Ensures queues do not allow full write, delete, or read ACL permissions |
More Info | Queues can be configured to allow object read, write or delete. This option should not be configured unless there is a strong business requirement. |
AZURE Link | https://docs.microsoft.com/en-us/azure/storage/queues/storage-quickstart-queues-portal |
Recommended Action | Disable global read, write, delete policies on all queues and ensure the ACL is configured with least privileges. |
1. Log into the Microsoft Azure Management Console.
2. Select the "Search resources, services, and docs" option at the top and search for Storage account.
3. Select the "Storage account" by clicking on the "Name" link to access the configuration changes.
4. Click on "Overview" in the selected "Storage account", scroll down the right side of the settings and click on the "Queues" option under "Services".
5. Select the "Queue" by clicking on the "Name" link to access the configuration changes.
6. In the selected "Queue", click on the "Access Policy" and check the "Permissions" associated with the "Queue". If the "Queue" allows full write, delete, or read ACL permissions, then the selected "Queue" does not follow the standard configuration.
7. Repeat steps 2 - 6 to verify other "Queues" in the Azure account.
8. Navigate to the "Storage accounts", select the "Storage account" and click on the "Name", select the "Overview" option and select the "Queue" by clicking on the "Name" link to access the configurations.
9. On the "Queue" configuration, click on the "Access Policy" option and select the "Edit" option to make the changes.
10. Uncheck the global read/write/delete policies under the "Permissions" and click on the "OK" button to make the changes.
11. Click on the "Save" button at the top to save the configuration changes.
12. Repeat steps 8 - 11 to ensure "Queues" do not allow full write, delete, or read ACL permissions.
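The portal check above can also be run against the XML that the Get Queue ACL operation returns for each queue. The following is an added example, not the plugin's own code: the queue names, policy IDs and sample responses are constructed, and it assumes a policy granting all four queue permissions (`r`, `a`, `u`, `p`) is the "all access" case to flag.

```python
import xml.etree.ElementTree as ET

# Permission letters used by Azure Queue stored access policies.
# Assumption: the page's "write" corresponds to add/update and its
# "delete" to process (which lets a client get and delete messages).
PERMS = {"r": "read", "a": "add", "u": "update", "p": "process"}

# Constructed Get Queue ACL response bodies, keyed by a made-up queue name.
SAMPLE_ACLS = {
    "orders": """
<SignedIdentifiers>
  <SignedIdentifier>
    <Id>legacy-full</Id>
    <AccessPolicy><Permission>raup</Permission></AccessPolicy>
  </SignedIdentifier>
  <SignedIdentifier>
    <Id>metrics-reader</Id>
    <AccessPolicy><Permission>r</Permission></AccessPolicy>
  </SignedIdentifier>
</SignedIdentifiers>""",
    "audit-log": "<SignedIdentifiers />",
}


def audit_queue_acl(queue, acl_xml):
    """Return one finding per stored access policy defined on the queue."""
    findings = []
    root = ET.fromstring(acl_xml.strip())
    for ident in root.findall("SignedIdentifier"):
        # A policy may omit Permission; treat that as granting nothing.
        raw = (ident.findtext("AccessPolicy/Permission") or "").strip().lower()
        granted = [name for letter, name in PERMS.items() if letter in raw]
        findings.append({
            "queue": queue,
            "policy": ident.findtext("Id", default=""),
            "granted": granted,
            # All four permissions together is the "all access" case.
            "all_access": len(granted) == len(PERMS),
        })
    return findings


def audit_all(acls):
    """Audit every queue and keep only the policies that grant everything."""
    results = [f for q, x in acls.items() for f in audit_queue_acl(q, x)]
    return [f for f in results if f["all_access"]]


if __name__ == "__main__":
    for f in audit_all(SAMPLE_ACLS):
        print(f"FAIL {f['queue']}: policy {f['policy']} grants {f['granted']}")
```

Policies that grant only a subset still appear in the `audit_queue_acl` output with their `granted` list, so they can be reviewed against least privilege.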