services / Azure / PIM role assignment schedule request
A role assignment schedule request is the PIM (Privileged Identity Management) object used to create or query a time-bound or permanent active RBAC role assignment for a principal at a scope. Writing it grants real RBAC privileges.
This is the actual grant mechanism for PIM-managed RBAC roles and therefore controls privileged access to the subscription/tenant.
Microsoft.Authorization/roleAssignmentScheduleRequests/write
Creating this request grants/activates an RBAC role assignment to a chosen principal via PIM, directly escalating privilege and establishing durable elevated access.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security