services / Azure / SQL server external policy-based authorization
The external policy-based authorization configuration on an Azure SQL logical server, binding an external authorization provider/policy that governs who is authorized to access the database server.
This is the authorization control-plane configuration governing access to a production database server.
Microsoft.Sql/servers/externalPolicyBasedAuthorizations/delete
Deleting the external policy-based authorization removes an access-control policy. Where that policy would otherwise deny access, its removal enables privilege escalation; the deletion can also revoke legitimate users' authorized access.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.
Contributed by P0 Security