Azure SQL Managed Database
A database hosted on an Azure SQL Managed Instance, holding production organizational data for a single application or function.
Production data store; the data plane holds sensitive organizational data, while the control plane manages the database resource configuration.
Microsoft.Sql/managedInstances/databases/startMove/action
Initiates relocation or copying of the production database to another managed instance. Because the target can be an instance under an attacker's control, this permission enables exfiltration of the full dataset; it also disrupts where the database is operationally placed.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog