services / Azure / Logic Apps API access-control list
The API access-control list (ACL) restricting which principals may invoke a managed API/connector.
These ACLs are authorization policy; removing or rewriting them changes who can reach the API.
Microsoft.Web/apimanagementaccounts/apis/apiacls/delete
Deletes the API ACL entries, tearing down the access-control policy that restricts callers, which can strip authorized principals' access while relaxing restrictions guarding the API.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog