services / Azure / APIM Product-group links
Product-group links are association records in an Azure API Management workspace that connect a product to developer-portal groups, governing which groups can see and subscribe to a product's APIs.
These control developer-portal product visibility/subscription eligibility (an access-control-adjacent surface for a single API gateway function); they are not Azure RBAC/IAM role assignments.
Microsoft.ApiManagement/service/workspaces/products/groupLinks/write
Creating a product-group link grants a developer group visibility and subscription access to a product's APIs, expanding which principals can consume the product and altering the access mapping.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog