services / Azure / APIM product developer-group associations

The set of APIM developer groups associated with a product, controlling which groups of developer-portal users can view and subscribe to the product's APIs.

This is developer-portal visibility/subscription gating, not Azure RBAC; it governs which API consumers can reach a product through the gateway.


Microsoft.​ApiManagement/​service/​products/​groups/​write

Associating a group with a product broadens which developers can see and subscribe to the product's APIs, expanding access entitlements and altering the access-control configuration.

Risks

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploit can incur operational cost.

Links

  • https:​/​/​azure.​permissions.​cloud/​iam/​Microsoft.​ApiManagement
  • https:​/​/​learn.​microsoft.​com/​en-​us/​azure/​role-​based-​access-​control/​resource-​provider-​operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog