services / Azure / Mongo Cluster users
Database users (data-plane accounts) defined on an Azure Cosmos DB for MongoDB (vCore) Mongo Cluster, including their roles/privileges on the cluster's databases.
These are the database identities that authenticate to and authorize access against the production data store.
Microsoft.DocumentDB/mongoClusters/users/delete
Deleting a database user destroys that cluster account and denies the legitimate principal its authorized access to the production database.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog