The Logic Apps team rolled out a series of RBAC roles for Logic Apps Standard, which provides more granular permissions for operations under Azure Logic Apps Standard. You will find that the following roles are now available:
-
Logic App Standard Reader (Preview): Provide you with view only access to all resources within a Logic App Standard application, including workflow history and workflow run.
-
Logic App Standard Operator (Preview): Let you access a Logic App Standard application and all workflows, allowing you to resubmit/enable/disable workflow, as well as configuring api connections and network. Operators can administer the platform and execute support tasks, but do not have permissions to make changes on workflow or app settings.
-
Logic App Standard Developer (Preview): Let you create and update workflows, API Connections and app settings in a Logic App standard application. The developer role does not allow you to make changes outside the scope of workflows - so application-wide changes like VNET configuration, App Service Plans are not supported.
-
Logic App Standard Contributor (Preview): Let you manage all aspects of a Logic App Standard application, but you can't change access to them.
The table below summarized the capabilities of each one of the roles:
| Permission | Reader | Operator | Developer |
Contributor |
|
Read workflow |
||||
|
Read Runs |
||||
|
Read site config |
||||
| Restart/Stop/Start site | ||||
| Trigger/resubmit runs | ||||
| Read Schemas/Maps | ||||
| Read parameters | ||||
| Read/write app settings | ||||
| Enable debug mode (app setting) | ||||
|
Update workflows (Portal and VSCode) |
||||
| Access Kudu | ||||
| Make/update connections | ||||
| All other config | ||||
| Add/remove roles |
You can follow those steps to apply RBAC roles to your Logic Apps Standard.
Updated Aug 22, 2023
Version 1.0
WSilveira
Microsoft
Microsoft
