Assigning Roles in Azure AD for Logic App Creation
Question
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named
Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B.B
The Logic App Contributor role lets you read, enable and disable logic app.
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#logic-app-contributorYes, the solution of assigning the Logic App Contributor role to the Developers group on the Dev resource group meets the goal of providing the Developers group with the ability to create Azure logic apps in the Dev resource group.
Explanation: Azure role-based access control (RBAC) allows you to assign granular permissions to users, groups, and applications at a particular scope, such as the management group, subscription, resource group, or resource.
To provide the Developers group with the ability to create Azure logic apps in the Dev resource group, we need to assign them appropriate permissions. The Logic App Contributor role is the built-in role in Azure that provides permissions to create, edit, and delete logic apps, but not to manage the underlying resources such as the resource group, storage accounts, or other services.
Therefore, the solution of assigning the Logic App Contributor role to the Developers group on the Dev resource group meets the goal of providing the Developers group with the ability to create Azure logic apps in the Dev resource group, without giving them any unnecessary permissions that they don't need.
Note: It's always important to follow the principle of least privilege, which means granting only the minimum required permissions to complete a task, to avoid any potential security risks.
