How to give app permission to create Azure Logic App

Question

I am trying to use Microsoft.Azure.Management.Logic.LogicManagementClient to programmatically create a Logic App workflow in Azure. Authentication has already worked, but when I call logicManagementClient.Workflows.CreateOrUpdateAsync(), I am getting a CloudException saying that the client does not have authorization to perform action 'Microsoft.Logic/workflows/write'.

How can I give the app the required permissions?

I have already given it (in the Azure Portal) all permissions for Azure AD and Microsoft Graph. But when I try to add permissions for Windows Azure Service Management API (which I assume is the relevant API here), it says "No application permissions available":

Answer 1

You need to give your app at least Contributor access to the resource group via the Access Control (IAM) tab. To manage Azure resources through the ARM API, you always need a role via RBAC.

Answer 2

I did this via PowerShell. I assigned the Contributor role to my App Registration. Here are the commands.

az login

az account set --subscription "YOURSUBSCRIPTIONNAME"

NOTE: Had to create Resource Group in Portal, Use the Application (client) ID of the App Registration Client

New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName Application(client)ID -ResourceGroupName YOURRESOURCEGROUPNAME