Azure SQL Database server DNS alias
A SQL server DNS alias is a stable CNAME-like DNS name that maps clients to an Azure SQL logical server, allowing the underlying server to change without updating connection strings.
Controlling an alias controls the connection endpoint clients resolve to reach production databases; it is effectively a routing/domain control for the database service.
Microsoft.Sql/servers/dnsAliases/delete
Deleting a DNS alias removes the stable connection name clients resolve to, breaking application connectivity to the database (denial of service).
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog