services / Azure / Storage Queue Services
The queue service is the account-level control-plane resource for Azure Storage Queues, holding service-wide settings such as CORS rules, hour/minute metrics, and analytics logging configuration.
Configuration of a messaging service that carries operational data; service-level settings can affect logging and access signing.
Microsoft.Storage/storageAccounts/queueServices/generateUserDelegationKey/action
Returns a user delegation key — exportable credential material that can sign SAS tokens granting standing delegated data-plane access to the queue service.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog