Logic App storage connection

  • Question

  • Hi, 

    When I create a connection to Azure Storage (blob) from inside Logic Apps, the LA designer lists all available storage accounts in my subscription and all I have to do is select one and click OK. It creates a fully functional connection, but what's puzzling is that it never asks me for any credentials like access keys or SAS. Any idea why that is?

    Thanks!

    Wednesday, October 2, 2019 10:13 PM

Answers

  • A person who has access to create a Logic App (Logic App Contributor) within the scope (Subscription/Resource Group) will automatically get read access to all the Storage Accounts under that scope.

    E.g., if I am Logic App Contributor at the subscription level, I will get read access to all the storage accounts under that subscription.

    Similarly, if I am Logic App Contributor at the Resource Group level, I will get read access to the storage accounts only under that Resource Group.

    You can check the RBAC Role details of Logic App Contributor here.

    If you do not want to provide access to storage accounts, then you need to create a custom RBAC role for the user.

    Friday, October 4, 2019 7:15 AM
    Moderator
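
Added example, not part of the original thread: a small audit that reports which storage-account management operations a role definition grants, so a candidate custom role can be checked before it is assigned. The three role definitions are constructed samples in the JSON shape that `az role definition list` prints; the Logic App Contributor excerpt is an assumption to verify against the role details the answer refers to, and the custom role names are hypothetical.

```python
import re

# Control-plane operations that expose a storage account or its secrets.
SENSITIVE = [
    "Microsoft.Storage/storageAccounts/read",
    "Microsoft.Storage/storageAccounts/listkeys/action",
    "Microsoft.Storage/storageAccounts/listAccountSas/action",
]

def matches(pattern, operation):
    """Azure RBAC matching: '*' is a wildcard, comparison is case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def grants(role, operation):
    """True if a permission block allows the operation and does not exclude it."""
    for perm in role.get("permissions", []):
        allowed = any(matches(p, operation) for p in perm.get("actions", []))
        excluded = any(matches(p, operation) for p in perm.get("notActions", []))
        if allowed and not excluded:
            return True
    return False

def storage_exposure(role):
    """List the sensitive storage operations this role definition grants."""
    return [op for op in SENSITIVE if grants(role, op)]

# Constructed sample: excerpt modelled on the built-in role (verify in your tenant).
BUILTIN_EXCERPT = {"roleName": "Logic App Contributor", "permissions": [{
    "actions": ["Microsoft.Logic/*", "Microsoft.Web/connections/*",
                "Microsoft.Storage/storageAccounts/read",
                "Microsoft.Storage/storageAccounts/listkeys/action"],
    "notActions": []}]}
# Constructed sample: hypothetical custom role with no storage permissions.
CUSTOM_NO_STORAGE = {"roleName": "Logic App Author (no storage)", "permissions": [{
    "actions": ["Microsoft.Logic/*", "Microsoft.Web/connections/*",
                "Microsoft.Resources/subscriptions/resourceGroups/read"],
    "notActions": []}]}
# Constructed sample: a wildcard with one exclusion still leaves other paths open.
CUSTOM_WILDCARD = {"roleName": "Logic App Author (wildcard)", "permissions": [{
    "actions": ["Microsoft.Logic/*", "Microsoft.Storage/*"],
    "notActions": ["Microsoft.Storage/storageAccounts/listKeys/action"]}]}

if __name__ == "__main__":
    for role in (BUILTIN_EXCERPT, CUSTOM_NO_STORAGE, CUSTOM_WILDCARD):
        print(role["roleName"], "->", storage_exposure(role) or "no storage access")
```

The wildcard sample shows why excluding only the key-listing action is not enough: the account stays readable and an account SAS can still be requested.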

All replies

  • Hello Fly2,

    There are two ways you can create the storage connection for your Logic App:

    - Select storage account from the existing list in your current subscription.

    - Manually enter the connection information if the storage account is not in the current subscription.

    Thursday, October 3, 2019 3:44 AM
    Moderator
  • Thank you Ketan. My question wasn't how to create a connection. My question was why specifying the access key is not required when I select a storage account from the list of those available in my subscription. That pretty much means that anybody who can create a logic app can access blob storage.

    Thanks!


    Thursday, October 3, 2019 7:41 PM