services / Azure / Garnet cluster sorted-set data
Azure Managed Garnet is a Redis-compatible in-memory data store; this resource type is the data-plane (ACL-scoped) command surface over sorted sets and other structures held in the cluster.
Holds production application data (caches, sessions, queues, sorted sets) for a single organizational function; data-plane access reads/writes/deletes the stored records directly.
Microsoft.DocumentDB/garnetClusters/acl/bzpopmax/delete
BZPOPMAX blocks, removes, and returns the highest-score element from sorted set(s), both destroying the data and disclosing the popped member to the caller.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog