![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 18%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
3,414 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 59%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Hi Ahwan Mishra,
In Azure managing authorizations it's by role assignments(https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=delegate-condition), so In your case in order to only trigger logic app (Microsoft.Logic/workflows/runs/write) by an specific group you can assign role access in this way:
- GroupOnlyRead => Logic App Operator
- GroupTrigger => Logic App Contributor
How to Assign the roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=delegate-condition
An important point in this setup it's the dependency on your current RBAC implementation. That's meaning your user must have the least privileged inherid resource on top level Otherwise if you have more priviledged roles these users will also able to trigger the logic apps workflows already included in the allowed operations (Microsoft.Logic/workflows/runs/write). Let me know if you have any question in your configuration.
Luis