services / Azure / API connection access-control lists (legacy connector connection ACLs)
Connection ACLs are access-control list entries on legacy API Management account / managed-connector API connections, governing which principals and resources may use a connection. The connection itself typically holds backing credentials (tokens/keys) to a connected backend.
Its sensitivity is that of the authorization gate for a single integration function; the connection may broker credentialed access to a backend.
Microsoft.Web/apimanagementaccounts/apis/connections/connectionacls/delete
Deleting the connection ACL removes the access-control policy restricting the connection (enabling unrestricted use) and can strip authorized principals of their legitimate access.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploitation can incur operational cost.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog