services / Azure / PIM role assignment schedule request

A role assignment schedule request is the PIM (Privileged Identity Management) object used to create or query a time-bound or permanent active RBAC role assignment for a principal at a scope. Writing it grants real RBAC privileges.

This is the actual grant mechanism for PIM-managed RBAC roles and therefore controls privileged access to the subscription/tenant.


Microsoft.Authorization/roleAssignmentScheduleRequests/write

Creating this request grants/activates an RBAC role assignment to a chosen principal via PIM, directly escalating privilege and establishing durable elevated access.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.

Links

  • https://azure.permissions.cloud/iam/Microsoft.Authorization
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog