services / Azure / Azure SQL server Azure AD administrator

The Azure Active Directory administrator binding for an Azure SQL logical server, designating the identity that holds full administrative control over the server and all its databases.

This is an access-control assignment pointing at a highly privileged identity; controlling it grants full server/database admin authority.


Microsoft.Sql/servers/administrators/delete

Deletes the Azure AD administrator binding, removing the access-control assignment (policy destruction) and denying the legitimate administrator their authorized access.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.

Links

  • https://azure.permissions.cloud/iam/Microsoft.Sql
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog