Having a contributor role for both the resource group and the logic app within but couldn't edit the logic app

faten 26 Reputation points
2021-03-01T16:04:06.717+00:00

Hello,

I have an account on Azure, I am not the administrator of the account but I have the contributor role for both the resource group and the logic app within it and I want to create a logic app that triggers a smart contract using the Ethereum connector. So I go to the code viewer of the logic app to modify the code (copied from the json file that I generated through Visual Studio Code). However, once I click on the save button, the code can't be saved and an error message appears saying that it:
Failed to save logic app LogicAppName. The client has permission to perform action 'Microsoft.Logic/workflows/write' on scope '/subscriptions/subscriptionName/resourceGroups/resourceGroupsName/providers/Microsoft.Logic/workflows/LogicAppName'; however, it does not have permission to perform action 'join/action' on the linked scope(s) '/subscriptions/subscriptionName/resourceGroups/' or the linked scope(s) are invalid.

With the help of the admin we tried several tests, adding/changing roles assigned to my account but I still get the same error (the admin was able to save the logic app code that I provided for him without that error).

Is it possible to guide me to what I can do or ask the account admin to do to help with this?
Thank you in advance!

Microsoft Identity Manager
Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
606 questions
Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,827 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. MayankBargali-MSFT 68,066 Reputation points
    2022-02-07T06:38:02.38+00:00

    As per the error message below error you can see your user have write permission but you are trying to perform the join/action on resource group level subscriptions/subscriptionName/resourceGroups/
    The client has permission to perform action 'Microsoft.Logic/workflows/write' on scope '/subscriptions/subscriptionName/resourceGroups/resourceGroupsName/providers/Microsoft.Logic/workflows/LogicAppName'; however, it does not have permission to perform action 'join/action' on the linked scope(s) '/subscriptions/subscriptionName/resourceGroups/' or the linked scope(s) are invalid.

    In case if someone has specified the logic app contributor permission or any of the build in role access then please verify if that RBAC role have the required permission or not.
    In the above case if someone has specified the logic app contributor permission at the resource group level then the user would not have the join/action permission on the subscription resource group.

    You need to either specify the subscription level contributor or subscription level logic app contributor permission.

    0 comments