services / Azure / API Management groups
API Management groups are authorization constructs that bind users/developers to product and API access; group membership governs which products and APIs a developer can subscribe to and use.
Groups are the access-control grouping layer of the developer-facing surface; manipulating them changes who can access which APIs/products.
Microsoft.ApiManagement/service/groups/write
Creates or updates groups that gate user access to products/APIs. An attacker with this permission can alter the authorization grouping to grant broader API access (escalation) and can manipulate the access-control configuration.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploitation can incur operational cost.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog