services / Azure / Log Analytics workspace data (all tables)

The Azure Log Analytics (Microsoft.OperationalInsights) workspace data-plane read entitlement, granting read access to workspace data down to fine-grained tables or rows. Unlike a single per-table read, it can cover every table ingested into the workspace.

Because the workspace can ingest arbitrary custom tables (application/security/PII data) alongside diagnostic logs, this broad read can reach data beyond pure monitoring telemetry; still MEDIUM as the monitoring-data tier, but the breadth raises exfiltration potential.


Microsoft.​OperationalInsights/​workspaces/​tables/​Data/​read

Grants read across all workspace tables/rows, letting an attacker bulk-export and enumerate every ingested log stream and any sensitive application/security data captured in custom tables.

Risks

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploit can incur operational cost.

Links

  • https:​/​/​azure.​permissions.​cloud/​iam/​Microsoft.​OperationalInsights
  • https:​/​/​learn.​microsoft.​com/​en-​us/​azure/​role-​based-​access-​control/​resource-​provider-​operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog