
Azure Integration Services Blog

Using Graph API to assign roles to logic app managed identity

YujieLi
Former Employee
Apr 28, 2025

In the previous blog post (https://techcommunity.microsoft.com/blog/integrationsonazureblog/use-logic-app-to-give-other-user-rbac-permission-via-rest-api-/3963599), we used the REST API to give a user RBAC permission. In this article, we will use the Graph API to assign roles to a logic app managed identity. Previous documents mostly use PowerShell; here is a simple guide that uses the Graph API.

1. Enable the logic app's Managed Identity and copy its Object ID:

         Logic app -> Identity -> System assigned

2. Find the service principal ID and the role ID for the role you want to assign:

For example, suppose we want to assign the 'WindowsDefenderATP.MachineIsolate' role.

Reference: List servicePrincipals - Microsoft Graph v1.0 | Microsoft Learn

Method: GET
URL: https://graph.microsoft.com/v1.0/servicePrincipals?$filter=displayName eq 'WindowsDefenderATP'

 

 

3. Copy the Id.

4. Search for "Machine.Isolate" and copy the role ID (make sure you copy the one whose Origin is "Application").

 

5. Send a POST request to grant the permission:

Reference: List appRoleAssignments granted for a service principal - Microsoft Graph v1.0 | Microsoft Learn
Method: POST
URL: https://graph.microsoft.com/v1.0/servicePrincipals/(replace this with your identity's ID from step 1)/appRoleAssignedTo
Body: { "principalId": "(replace this with your identity's ID from step 1)", "resourceId": "(replace this ID with your own ID from step 3)", "appRoleId": "(replace this ID with your own ID from step 4)" }

 

If the request executes successfully, you will see that the permission has been added to your system-assigned managed identity.
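Steps 2 to 5 can be scripted so that a wrong ID is caught before anything is granted. The following is an added example, not code from the original post: it parses a constructed step 2 response, selects the role only from `appRoles` entries whose `allowedMemberTypes` includes `Application` (an assumed way of expressing the step 4 check), and builds the step 5 request without sending it. The function names and all GUIDs are hypothetical placeholders.

```python
import json
import uuid

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample of the step 2 response; every GUID is a placeholder.
SAMPLE_RESPONSE = json.loads("""
{"value": [{
  "id": "11111111-1111-1111-1111-111111111111",
  "displayName": "WindowsDefenderATP",
  "appRoles": [
    {"id": "22222222-2222-2222-2222-222222222222", "value": "Machine.Isolate",
     "allowedMemberTypes": ["Application"], "isEnabled": true},
    {"id": "33333333-3333-3333-3333-333333333333", "value": "Machine.Read.All",
     "allowedMemberTypes": ["Application"], "isEnabled": true}],
  "oauth2PermissionScopes": [
    {"id": "44444444-4444-4444-4444-444444444444", "value": "Machine.Isolate",
     "type": "Admin", "isEnabled": true}]
}]}
""")


def pick_app_role(response, role_value):
    """Return (resource_sp_id, app_role_id) for exactly one application role."""
    sps = response.get("value", [])
    if len(sps) != 1:
        raise ValueError(f"expected 1 service principal, got {len(sps)}")
    sp = sps[0]
    # Only appRoles entries usable by applications qualify; a delegated scope
    # with the same name lives in oauth2PermissionScopes and is ignored.
    roles = [r for r in sp.get("appRoles", [])
             if r.get("value") == role_value and r.get("isEnabled")
             and "Application" in r.get("allowedMemberTypes", [])]
    if len(roles) != 1:
        raise ValueError(f"expected 1 application role {role_value!r}, got {len(roles)}")
    return sp["id"], roles[0]["id"]


def build_assignment(identity_object_id, response, role_value):
    """Build the step 5 request (URL, JSON body) without sending it."""
    resource_id, role_id = pick_app_role(response, role_value)
    for guid in (identity_object_id, resource_id, role_id):
        uuid.UUID(guid)  # raises ValueError on a malformed ID
    # URL shape follows step 5 of the post.
    url = f"{GRAPH}/servicePrincipals/{identity_object_id}/appRoleAssignedTo"
    body = {"principalId": identity_object_id, "resourceId": resource_id,
            "appRoleId": role_id}
    return url, body
```

Refusing to continue unless exactly one service principal and exactly one role match keeps the grant limited to the single permission that was intended.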

 

 

 

 

 

         

 

Updated Apr 27, 2025
Version 1.0