services / Azure / Storage DataShare
A storage data share is a control-plane sub-resource of a storage account that configures sharing of the account's data with recipients, potentially external or cross-tenant.
It directly governs distribution of a single storage account's organizational data, making it a sensitive data-egress control point.
Microsoft.Storage/storageAccounts/dataShares/write
Creating or updating a data share can expose the account's data to attacker-controlled recipients (data egress channel) and alters the sharing configuration.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog