API connection access-control lists (legacy connector connection ACLs)
Connection ACLs are access-control list entries on legacy API Management account / managed-connector API connections, governing which principals and resources may use a connection. The connection itself typically holds backing credentials (tokens/keys) to a connected backend.
Sensitivity is that of a single integration function's authorization gate; because the connection may broker credentialed access to a backend, controlling its ACL effectively controls who can reach that backend through it.
Microsoft.Web/apimanagementaccounts/apis/connections/connectionacls/write
Creating or updating the connection ACL lets an attacker grant a principal they control use of the credentialed connection (an access-control grant), and lets them tamper with the list of who may invoke it.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog