services / Azure / Garnet cluster sorted-set data

Azure Managed Garnet is a Redis-compatible in-memory data store; this resource type is the data-plane (ACL-scoped) command surface over sorted sets and other structures held in the cluster.

Holds production application data (caches, sessions, queues, sorted sets) for a single organizational function; data-plane access reads/writes/deletes the stored records directly.


Microsoft.DocumentDB/garnetClusters/acl/bzpopmax/delete

BZPOPMAX blocks, removes, and returns the highest-score element from sorted set(s), both destroying the data and disclosing the popped member to the caller.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https://azure.permissions.cloud/iam/Microsoft.DocumentDB
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog