services / Azure / ACR registry tokens
ACR tokens are named, repository-scoped access principals bound to scope maps that authorize pull/push/delete operations against a container registry.
Tokens are credential-backed access identities for the registry's image supply chain; their passwords are generated separately via the credentials action and are not returned by read.
Microsoft.ContainerRegistry/registries/tokens/delete
Delete token removes a registry access-control credential and its scope-map binding, revoking legitimate principals' authorized registry access and destroying access-control state.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog