APIM Product-group links

Product-group links are association records in an Azure API Management workspace that connect a product to developer-portal groups, governing which groups can see and subscribe to a product's APIs.

These links control product visibility and subscription eligibility in the developer portal (an access-control-adjacent surface for a single API gateway function); they are not Azure RBAC/IAM role assignments.


Microsoft.ApiManagement/service/workspaces/products/groupLinks/write

Creating a product-group link grants a developer group visibility and subscription access to a product's APIs, expanding which principals can consume the product and altering the access mapping.

Risks

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploitation can incur operational cost.

Links

  • https://azure.permissions.cloud/iam/Microsoft.ApiManagement
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog