services / Azure / Container registry scope maps
Scope maps define the repository-level permissions (content/pull/push/delete actions per repository) that are bound to Azure Container Registry tokens, forming the registry's repository-scoped access-control model.
Scope maps are ACR's RBAC mechanism for token-based access; creating/altering them grants or revokes registry access.
Microsoft.ContainerRegistry/registries/scopeMaps/delete
Deletes a scope map, removing the access-control policy bound to registry tokens; this destroys RBAC configuration and can revoke legitimate principals' access to repositories.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Contributed by P0 Security