services / Azure / Role assignment
An RBAC role assignment binds a principal (user, group, service principal, or managed identity) to a role definition at a given scope, granting that principal the role's permissions.
Role assignments are the core access-control bindings of Azure; the asset at risk is tenant- or subscription-wide identity and access-control data.
Microsoft.Authorization/roleAssignments/delete
Deleting a role assignment destroys an access-control binding, which can strip legitimate principals of access (denial-of-access) and tear down deny/constraining grants that would otherwise limit the attacker.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Contributed by P0 Security