services / Azure / Role definition
An RBAC role definition specifies a named set of allowed/denied actions (permissions) and assignable scopes that can be bound to principals via role assignments.
Role definitions describe the permission sets behind every role; the asset at stake is tenant- or subscription-wide access-control policy.
Microsoft.Authorization/roleDefinitions/delete
Deleting a custom role definition destroys an access-control policy object and breaks every assignment referencing it, revoking the access of all principals assigned that role.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog