services / Azure / Kubernetes cluster roles (Arc connected cluster)
ClusterRole objects in the Kubernetes RBAC API (`rbac.authorization.k8s.io`) of an Azure Arc-connected cluster. A ClusterRole defines a cluster-wide set of permissions (verbs over API resources and non-resource URLs); it grants nothing on its own until a ClusterRoleBinding binds it to subjects cluster-wide, or a namespaced RoleBinding references it to grant the same rules within one namespace.
Cluster-scoped RBAC governs access to every namespace and to non-namespaced resources (nodes, persistent volumes, the RBAC objects themselves); a ClusterRole can confer cluster-admin, so these objects are the access-control backbone of the entire cluster.
Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterroles/delete
Deleting a ClusterRole removes cluster-wide access-control policy: every subject bound to it loses the access it granted, workloads and operators that rely on it start failing authorization, and RBAC enforcement is disrupted. Kubernetes does not cascade the delete to the ClusterRoleBindings or RoleBindings that reference the role; those bindings remain in place, grant nothing while the role is missing, and start granting whatever rules a later ClusterRole of the same name carries (roleRef binds by name), so dangling bindings should be located and cleaned up. Default roles such as cluster-admin and the system: roles are reconciled and recreated when the API server starts unless auto-update is disabled on them, so the lasting damage is to custom ClusterRoles and to the window before the next restart.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploitation could lead to significant privilege escalation.
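The first practical question about this data action is which Azure role definitions actually grant it, which is harder than string equality because `dataActions` entries may contain `*` wildcards (matching any run of characters, including `/`) and `notDataActions` entries subtract from what `dataActions` allows. The following is an added example, not P0 Security's or Azure's code: it evaluates role definitions in the JSON shape returned by `az role definition list` against the action above. The role definitions embedded below are constructed for illustration and are not Azure's built-in roles; deny assignments and assignment scope are outside what it checks.

```python
"""Find Azure role definitions that grant a given Arc-connected-cluster data action.

Added example (not P0 Security's or Azure's code). Models Azure RBAC
role-definition evaluation for data actions: a role grants an action when
some `dataActions` entry matches it and no `notDataActions` entry matches
it. In an entry, '*' matches any run of characters, including '/', and
matching is case-insensitive. Assignment scope and deny assignments are
not modelled here.
"""
import json
import re

TARGET = (
    "Microsoft.Kubernetes/connectedClusters/"
    "rbac.authorization.k8s.io/clusterroles/delete"
)

# Constructed role definitions in the shape of `az role definition list`
# output. Names and rules are invented for illustration.
SAMPLE_ROLES = [
    {"roleName": "ArcClusterAdmin",
     "permissions": [{"actions": [], "notActions": [],
                      "dataActions": ["*"], "notDataActions": []}]},
    {"roleName": "ArcRbacEditor",
     "permissions": [{"actions": [], "notActions": [],
                      "dataActions": [
                          "Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/clusterroles/write",
                          TARGET],
                      "notDataActions": []}]},
    {"roleName": "ArcReader",
     "permissions": [{"actions": [], "notActions": [],
                      "dataActions": ["Microsoft.Kubernetes/connectedClusters/*/read"],
                      "notDataActions": []}]},
    # Wildcard grant on the whole RBAC API group, but deletes carved out.
    {"roleName": "ArcRbacReader",
     "permissions": [{"actions": [], "notActions": [],
                      "dataActions": ["Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/*"],
                      "notDataActions": ["Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/*/delete"]}]},
    # Control-plane actions only; no data actions at all.
    {"roleName": "VmContributor",
     "permissions": [{"actions": ["Microsoft.Compute/*"], "notActions": [],
                      "dataActions": [], "notDataActions": []}]},
]


def pattern_matches(pattern: str, action: str) -> bool:
    """True if an Azure action pattern (with optional '*' wildcards) matches action."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, action, re.IGNORECASE) is not None


def role_grants(role: dict, action: str) -> bool:
    """True if the role definition grants the data action after subtracting notDataActions."""
    perms = role.get("permissions", [])
    allowed = any(pattern_matches(p, action)
                  for perm in perms for p in perm.get("dataActions", []))
    denied = any(pattern_matches(p, action)
                 for perm in perms for p in perm.get("notDataActions", []))
    return allowed and not denied


def roles_granting(roles, action: str):
    """Sorted names of the role definitions that grant the action."""
    return sorted(r["roleName"] for r in roles if role_grants(r, action))


def roles_granting_from_file(path: str, action: str = TARGET):
    """Same check over a JSON file saved from `az role definition list`."""
    with open(path, encoding="utf-8") as fh:
        return roles_granting(json.load(fh), action)


if __name__ == "__main__":
    for name in roles_granting(SAMPLE_ROLES, TARGET):
        print(name, "grants", TARGET)
```

Run against real data by saving `az role definition list` output to a file and calling `roles_granting_from_file`; every role it reports should then be traced to its assignments, since a wildcard `*` in `dataActions` (the ArcClusterAdmin shape above) grants this delete without ever naming it.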
Contributed by P0 Security