Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?
Click on the arrows to vote for the correct answer
A. B.B
You would need the Logic App Contributor role.
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-appThe provided solution of assigning the Logic App Operator role to the Developers group on Subscription1 would partially meet the goal.
The Logic App Operator role provides the permission to manage logic apps, but it does not provide permission to create or manage resources within a resource group. Therefore, even if the Developers group has the Logic App Operator role, they would not be able to create Azure logic apps in the Dev resource group.
To enable the Developers group to create Azure logic apps in the Dev resource group, the solution should be modified as follows:
Assign the Contributor role to the Developers group at the Dev resource group level. This will provide them with the necessary permissions to create and manage resources within the Dev resource group.
If you want to limit the Developers group to only create and manage logic apps within the Dev resource group, you can create a custom role with the necessary permissions and assign it to the Developers group at the Dev resource group level. This will provide them with the necessary permissions to create and manage logic apps within the Dev resource group, but not to create or manage other types of resources within the Dev resource group or outside of it.
Therefore, the correct answer is B. No, the provided solution does not meet the goal.