Logic Apps - Event Grid Trigger permissions

Question

Even if I see I have "Event Grid Contributor" role at Resource Group level, I cannot configure event grid trigger in my logic app workflow.

After selecting an item from "Resource Type" combo, the "Subscription" is empty.

If I copy and paste my "Subscription Id" in the combo and select "use as custom value" the combo "Resource Type" gives me this error:

The client 'xxxxx' with object id 'xxxx' does not have authorization to perform action 'Microsoft.Storage/StorageAccounts/read' over scope '/subscriptions/xxxx' or the scope is invalid. If access was recently granted, please refresh your credentials.

I have both "Storage Account Contributor" and "Storage Blob Data Contributor" role.

Answer 1

Hi, Welcome to MS Q&A,

I think if you're employing authentication methods given below on image during the creation of an Event Grid trigger, it's essential to ensure that the object's identity possesses, at minimum, read access over the subscription you're specifying as a custom value. In you case if its your ID so make sure you have at least reader access over subscription and as you mentioned you have both"Storage Account Contributor" and "Storage Blob Data Contributor" role, so make it at subscription level if it is not at this level

Kindly check and let us know if you have any further questions , Thanks!