services / Azure / Kubernetes roles (Arc connected cluster)
Role objects in the Kubernetes RBAC API of an Azure Arc connected cluster. They define namespace-scoped sets of permissions over the Kubernetes API that can be granted to subjects via role bindings.
Namespaced RBAC governs access within a namespace, which may host sensitive production workloads and secrets; roles are part of the cluster's access-control fabric.
Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/delete
Deleting a namespaced Role removes access-control policy and can strip authorized principals of their access within the namespace.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions or allow interruption of critical organizational services, or its exploitation could lead to significant privilege escalation.
Contributed by P0 Security