Can someone explain how this is working when it should not?

    azure_storage_account->GetAccountInfo();

The call to this function works even if this role is not enabled: Microsoft.Storage/storageAccounts/blobServices/getInfo/action
See screenshot below for permissions enabled.
[Screenshot: Azure SDK Get Account Information working without permissions]
The GetAccountInfo() method works even without explicitly assigning Microsoft.Storage/storageAccounts/blobServices/getInfo/action because it may be covered under higher-privileged roles such as Contributor or Owner.
You can use the below Azure CLI command to check the RBAC roles assigned to your user or identity.
Command and output:
    az role assignment list --assignee <user principal name or Id> --all --output table

    Principal        Role                                      Scope
    ---------------  ----------------------------------------  ------------------------------------------------------------
    <your-username>  Owner                                     /subscriptions/<subscription-id>
    <your-username>  Storage Blob Data Contributor             /subscriptions/<subscription-id>/resourceGroups/venkatesan-rg/providers/Microsoft.Storage/storageAccounts/venkat326123
    <your-username>  User Access Administrator                 /subscriptions/<subscription-id>
    <your-username>  Storage Blob Data Contributor             /subscriptions/<subscription-id>
    <your-username>  Storage File Data Privileged Contributor  /subscriptions/<subscription-id>/resourceGroups/venkatesan-rg/providers/Microsoft.Storage/storageAccounts/venkat8912
    <your-username>  Storage File Data Privileged Contributor  /subscriptions/<subscription-id>/resourceGroups/venkatesan-rg/providers/Microsoft.Storage/storageAccounts/venkat326123
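An added example, not part of the original answer: it works out which of the listed assignments actually covers the getInfo action by applying Azure RBAC wildcard matching (Actions minus NotActions) and scope inheritance. The role definitions below are constructed, abridged samples and the function names are hypothetical; take the real definitions from az role definition list.

```python
import re

ACTION = "Microsoft.Storage/storageAccounts/blobServices/getInfo/action"
SUB = "/subscriptions/<subscription-id>"
RG = SUB + "/resourceGroups/venkatesan-rg/providers/Microsoft.Storage/storageAccounts/"

# Constructed, abridged control-plane permissions (assumption: verify against
# `az role definition list --name "<role>"` before relying on them).
ROLE_DEFINITIONS = {
    "Owner": {"actions": ["*"], "notActions": []},
    "Contributor": {"actions": ["*"], "notActions": [
        "Microsoft.Authorization/*/Write", "Microsoft.Authorization/*/Delete"]},
    "User Access Administrator": {"actions": ["*/read", "Microsoft.Authorization/*"], "notActions": []},
    "Storage Blob Data Contributor": {"actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read"], "notActions": []},
    "Storage File Data Privileged Contributor": {"actions": [], "notActions": []},
}

# (role, scope) pairs copied from the role assignment listing in the answer.
ASSIGNMENTS = [
    ("Owner", SUB),
    ("Storage Blob Data Contributor", RG + "venkat326123"),
    ("User Access Administrator", SUB),
    ("Storage Blob Data Contributor", SUB),
    ("Storage File Data Privileged Contributor", RG + "venkat8912"),
    ("Storage File Data Privileged Contributor", RG + "venkat326123"),
]

def pattern_matches(pattern, action):
    # "*" matches any run of characters; action names compare case-insensitively.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def role_grants(definition, action):
    # Effective permissions are Actions minus NotActions.
    allowed = any(pattern_matches(p, action) for p in definition["actions"])
    excluded = any(pattern_matches(p, action) for p in definition["notActions"])
    return allowed and not excluded

def scope_covers(scope, resource_id):
    # An assignment applies to its scope and everything beneath it.
    scope, resource_id = scope.rstrip("/").lower(), resource_id.lower()
    return resource_id == scope or resource_id.startswith(scope + "/")

def explain_access(assignments, resource_id, action, definitions=ROLE_DEFINITIONS):
    return [(role, scope) for role, scope in assignments
            if scope_covers(scope, resource_id) and role_grants(definitions[role], action)]

if __name__ == "__main__":
    print(explain_access(ASSIGNMENTS, RG + "venkat326123", ACTION))
```

With the sample data, only the subscription-scoped Owner assignment covers the action; testing a narrowly scoped custom role requires an identity that holds no such inherited assignment.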