Azure: Backup recovery points
Recovery points are point-in-time backup snapshots of protected items (VMs, databases, file shares) stored within a Recovery Services vault.
Recovery points hold full copies of production organizational data; access to them is equivalent to access to the source data.
Privilege: Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action
Restoring a recovery point materializes the backed-up data to a target the attacker can choose (exfiltration) and can overwrite live data in place with stale backup contents (manipulation).
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
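Because a restore is a legitimate operation, the practical control is to know who invokes it and where. The following is an added example, not part of the P0 Security catalog: it scans Azure Activity Log events (constructed sample records in the `operationName.value` / `caller` / `resourceId` / `status.value` shape the Activity Log export uses; the subscription, vault and caller names are made up) for the restore action above, skips an optional allow-list of expected automation identities, and reports the caller, vault and outcome of every other restore so it can be reviewed.

```python
"""Flag Recovery Services restore actions in Azure Activity Log events.

Added illustration only; the event records below are constructed and
follow the Activity Log export schema (operationName.value, caller,
resourceId, status.value, eventTimestamp). Subscription, vault and
identity names are placeholders.
"""

# The privilege this catalog entry describes.
RESTORE_ACTION = (
    "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/"
    "protectedItems/recoveryPoints/restore/action"
)

_VAULT = (
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-backup"
    "/providers/Microsoft.RecoveryServices/vaults/vault-prod"
)

# Constructed sample events: two restores (one by a known backup automation
# identity, one by an interactive user) and one unrelated backup operation.
SAMPLE_EVENTS = [
    {
        "eventTimestamp": "2024-01-10T02:00:11Z",
        "caller": "sp-backup-automation@example.com",
        "operationName": {"value": RESTORE_ACTION},
        "resourceId": _VAULT + "/backupFabrics/Azure/protectionContainers/c1"
        "/protectedItems/vm;vm-app01/recoveryPoints/1",
        "status": {"value": "Succeeded"},
    },
    {
        "eventTimestamp": "2024-01-10T14:37:52Z",
        "caller": "alice@example.com",
        "operationName": {"value": RESTORE_ACTION},
        "resourceId": _VAULT + "/backupFabrics/Azure/protectionContainers/c2"
        "/protectedItems/vm;vm-db01/recoveryPoints/7",
        "status": {"value": "Succeeded"},
    },
    {
        "eventTimestamp": "2024-01-10T15:00:00Z",
        "caller": "sp-backup-automation@example.com",
        "operationName": {
            "value": "Microsoft.RecoveryServices/Vaults/backupFabrics/"
            "protectionContainers/protectedItems/backup/action"
        },
        "resourceId": _VAULT + "/backupFabrics/Azure/protectionContainers/c1"
        "/protectedItems/vm;vm-app01",
        "status": {"value": "Started"},
    },
]


def vault_from_resource_id(resource_id):
    """Return the vault name from an ARM resource id, or None."""
    parts = resource_id.split("/")
    for i, seg in enumerate(parts[:-1]):
        if seg.lower() == "vaults":
            return parts[i + 1]
    return None


def find_restore_events(events, allowed_callers=()):
    """Return restore actions not performed by an allow-listed caller.

    Matching is case-insensitive because Activity Log operation names are
    not consistently cased across export paths.
    """
    allowed = {c.lower() for c in allowed_callers}
    hits = []
    for e in events:
        op = (e.get("operationName") or {}).get("value", "")
        if op.lower() != RESTORE_ACTION.lower():
            continue
        caller = e.get("caller", "")
        if caller.lower() in allowed:
            continue
        hits.append(
            {
                "time": e.get("eventTimestamp"),
                "caller": caller,
                "vault": vault_from_resource_id(e.get("resourceId", "")),
                "status": (e.get("status") or {}).get("value"),
            }
        )
    return hits


if __name__ == "__main__":
    for hit in find_restore_events(
        SAMPLE_EVENTS, allowed_callers=["sp-backup-automation@example.com"]
    ):
        print(hit)
```

Run against a real export, the same function applies to the JSON records of a diagnostic-settings stream; the allow-list should contain only the identities that are expected to restore, so that any other caller surfaces for review regardless of whether the restore succeeded.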
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog