services / Azure / API Management groups

API Management groups are authorization constructs that bind users/developers to product and API access; group membership governs which products and APIs a developer can subscribe to and use.

Groups are the access-control grouping layer of the developer-facing surface; manipulating them changes who can access which APIs/products.


Microsoft.ApiManagement/service/groups/write

Creates or updates groups that gate user access to products/APIs, letting an attacker grant broader API access by altering the authorization grouping (escalation) and manipulate the access-control configuration.

Risks

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploitation can incur operational cost.

Links

  • https://azure.permissions.cloud/iam/Microsoft.ApiManagement
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog