services / Azure / Web Apps Functions host function keys
Host-level function keys for a function app, bearer credentials valid across all functions in the app to authorize HTTP invocation.
Host-wide invocation credentials; invoking functions runs code under the app's (possibly managed) identity.
Microsoft.Web/sites/host/functionkeys/delete
Deleting a host-level function key revokes a credential used to invoke functions across the app, denying authorized callers and disrupting the app's HTTP endpoints.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog