Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named
Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.
Does this meet the goal?
Click on the arrows to vote for the correct answer
A. B.B
The Logic App Operator role only lets you read, enable and disable logic app. With it you can view the logic app and run history, and enable/disable. Cannot edit or update the definition.
You would need the Logic App Contributor role.
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-appThe solution provided, which is to assign the Logic App Operator role to the Developers group in Subscription1, meets the stated goal of providing the Developers group with the ability to create Azure logic apps in the Dev resource group.
Explanation: Azure Role-Based Access Control (RBAC) enables you to manage access to resources in your Azure subscription by assigning roles to users, groups, and applications at a particular scope. Roles define the actions that can be performed on the resources. The Logic App Operator role is one of the built-in roles in Azure that provides permission to create and modify logic apps in a resource group.
In this scenario, the goal is to provide the Developers group with the ability to create Azure logic apps in the Dev resource group. To achieve this, we need to assign a role that provides the necessary permission to the group at the Dev resource group scope. Since the Dev resource group is in Subscription1, we need to assign the role at the Subscription1 scope.
Therefore, assigning the Logic App Operator role to the Developers group in Subscription1 provides them with the necessary permission to create Azure logic apps in the Dev resource group, and hence meets the stated goal.