Azure Storage Blob Service: Blobs
Blobs are the individual data objects (files) stored inside containers of an Azure Storage account's blob service. They hold an organization's unstructured production data such as documents, backups, media, and application data.
Data-plane access to blobs directly exposes stored organizational data. On ADLS Gen2 accounts (hierarchical namespace enabled), each blob additionally carries POSIX-style ownership and ACLs, which are enforced on data-plane operations.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/runAsSuperUser/action
Executing blob commands as the ADLS Gen2 superuser bypasses all POSIX ACL and ownership checks, granting unrestricted read, write, and access-control modification over any blob in the filesystem.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security