1

I'm trying to do something similar to this link:

  • when something (html file) added to the blob
  • get the content (In my case, an html file that I want to be my email body. see the next step)
  • email the content (simple case as attachment, what I'm trying to do is as email body)

However, I'm stuck at the beginning with some permission issues: enter image description here

I check my storage account IAM role to see if I can add Logic App as Blob Contributor/Reader but I couldn't find anything there. I doesn't list my logic app there: Can someone help me with that?

enter image description here

mas
  • 339
  • 7
  • 22
  • Is your container have Private access level? – Jagrati Modi Mar 05 '21 at 04:52
  • We connect to container (ADLS Gen2) through a VNet, but as I said, I couldn't find a way to set any access/permission in logic app (or container for logic app) – mas Mar 09 '21 at 00:56

1 Answers1

1

As far as I know, it has nothing to do with assign some access(some roles) to logic app as you mentioned in your last screenshot. It is related to the user permissions who create the blob storage API connection.

According to the screenshot you provided, it seems you can add the trigger "When a blob is added or modified (properties only)" with blob storage API connection into logic app success but it shows the error message Please check you account......(I test in my side, if I do not have the permission, it will not allow me to create the connection when add the trigger). So when you add the trigger, it might not ask you to select a storage account (to create API connection). It might have just used an existing API connection (in same resource group of logic app) to connect to storage account. You can see the API connection in the same resource group of your logic app. Its name may be azureblob and if you click into the API connection, you can see the display name is f which same with your screenshot.

enter image description here

But the user who created the API connection doesn't have permission to storage account now or the API connection has expired(maybe expire in 90 days). So it shows the error message.

To solve this problem, you can click "Change connection" button at the bottom of the trigger to add another connection to connect to storage account. enter image description here

=============================Update===========================

To connect to storage in logic app through vnet, we can refer to this post.

Hury Shen
  • 14,948
  • 1
  • 9
  • 18
  • thanks for your answer. But even if I select *Change Connection* and then select my storage account from the list, and create a new connection to that, it doesn't let me create and give a permission error. – mas Mar 09 '21 at 01:02
  • btw, as soon as I select **"When a blob is added or modified (properties only)"** and put it on the designer canvas, the error appears. – mas Mar 09 '21 at 01:17
  • just tried another storage account and I could make a connection to it. I think the problem is our ADLS Gen 2 which the connection is through a VNet (for another layer of security). I don't know how to fix this for logic app, I did it for Azure functions and other services. – mas Mar 09 '21 at 02:00
  • 1
    @mas If your storage connection is through vnet, maybe you can refer to this [post](https://stackoverflow.com/questions/61663871/how-to-connect-azure-storage-account-to-logic-apps-without-enabling-public-acces/61675061#61675061) which I provided solution in the past. You can start with step 2. – Hury Shen Mar 10 '21 at 07:09
  • 1
    thanks, @Hury Shen, that's quite what I'm looking for. – mas Mar 12 '21 at 05:30
  • 1
    @mas Great, I have added the post link to my answer. Could you please mark my answer as "accepted", thanks. – Hury Shen Mar 12 '21 at 05:34
  • @mas If still have any problem, please let me know. – Hury Shen Mar 15 '21 at 05:15
  • Your solution works, but I should mention that using ISE is a very very expensive solution . if you only make it for Logic app. – mas Mar 26 '21 at 03:08