Forbidden to trigger Logic App workflow via HTTP request

Funnel 26 Reputation points
2020-07-15T08:25:08.09+00:00

Hi,
I am having troubles allowing our client id to trigger LA run. Not sure how to add the missing permissions.
Listing runs history via API works just fine with our API credentials but triggering new run gets Forbidden error:

The client '...' with object id '...' does not have authorization to perform action 'Microsoft.Logic/workflows/triggers/run/action' over scope '/subscriptions/{my_subscription_id}/resourceGroups/{my_resource_group}/providers/Microsoft.Logic/workflows/{my_workflow}/triggers/manual'

Some details are in the following thread https://github.com/Azure/azure-sdk-for-python/pull/12535#issuecomment-658109542

Any suggestions how to resolve it?

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,965 questions
0 comments No comments
{count} votes

Accepted answer
  1. Pramod Valavala 20,606 Reputation points Microsoft Employee
    2020-07-15T12:03:00.543+00:00

    Access to Azure Resources and Actions is controlled via Azure RBAC. The application whose Client ID you are using doesn't have the required permissions based on the error. Since its able to access run history, it probably is assigned the Logic App Operator role, which doesn't include the required Microsoft.Logic/workflows/triggers/run/action permission.

    With this being the case, your option would be to either assign it the Logic App Contributor role which grants it a lot many more permissions or create a custom role that includes the required Microsoft.Logic permissions.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful