AZT106 - Gather Role Information
An adversary may obtain information about a role within Azure Active Directory or within Azure Resource Manager.
| ID | Name | Description | Action | Resource |
|---|---|---|---|---|
| AZT106.1 | Gather Role Information | An adversary may obtain information about a role within Azure Active Directory | microsoft.directory/roleAssignments/standard/read | Azure Active Directory |
| | | | microsoft.directory/directoryRoles/standard/read | |
| | | | microsoft.directory/directoryRoles/eligibleMembers/read | |
| | | | microsoft.directory/directoryRoles/members/read | |
| AZT106.2 | Gather Application Role Information | An adversary may obtain information about an application role within Azure Active Directory | microsoft.directory/roleAssignments/standard/read | Azure Active Directory |
| | | | microsoft.directory/directoryRoles/standard/read | |
| | | | microsoft.directory/directoryRoles/eligibleMembers/read | |
| | | | microsoft.directory/directoryRoles/members/read | |
| | | | microsoft.directory/users/appRoleAssignments/read | |
| | | | microsoft.directory/servicePrincipals/appRoleAssignments/read | |
| | | | microsoft.directory/servicePrincipals/appRoleAssignedTo/read | |
| | | | microsoft.directory/applications/owners/read | |
| AZT106.3 | Gather Azure Resources Role Assignments | An adversary may gather role assignments for a specific Azure Resource, Resource Group, or Subscription. | {resource}/read | Azure Resources |
| AZT106.4 | List Transitive Role Assignments | An adversary may gather Transitive Role Assignments by specifying a known principal Id | | Azure Active Directory |