Can a Azure RBAC custom rule be set up so that the Role can ONLY Resubmit an earlier Logic App Run BUT not Modify the workflow via Designer oor otherwise ?
Asked
Active
Viewed 758 times
1
-
what is resubmit the logic? – 4c74356b41 Feb 26 '19 at 20:19
-
Updated the Q...acually meant the Resubmission of an earlier Logic App run – GilliVilla Feb 26 '19 at 20:20
1 Answers
0
I'm not really good at logic apps, but here's how you can get the list of possible rbac rules:
Get-AzProviderOperation -OperationSearchString 'microsoft.logic/*' | Select-Object -ExpandProperty operation | Sort-Object
I suppose, if you only give permission to Microsoft.Logic/workflows/runs/* that wouldnt allow the person to modify them, as that (most likely) requires Microsoft.Logic/workflows/write. You would also need to give read permissions.
Microsoft.Logic/workflows/run/action
Microsoft.Logic/workflows/runs/actions/listExpressionTraces/action
Microsoft.Logic/workflows/runs/actions/read
Microsoft.Logic/workflows/runs/actions/repetitions/listExpressionTraces/action
Microsoft.Logic/workflows/runs/actions/repetitions/read
Microsoft.Logic/workflows/runs/actions/repetitions/requestHistories/read
Microsoft.Logic/workflows/runs/actions/requestHistories/read
Microsoft.Logic/workflows/runs/actions/scoperepetitions/read
Microsoft.Logic/workflows/runs/cancel/action
Microsoft.Logic/workflows/runs/delete
Microsoft.Logic/workflows/runs/operations/read
Microsoft.Logic/workflows/runs/read
4c74356b41
- 69,186
- 6
- 100
- 141