Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
Issue Creating Workflows in Standard Logic App Using User-Assigned Managed Identity (UAMI) .
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 32%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EUR%3C/text%3E%3C/svg%3E)
Utkarsh Rai
0
Reputation points Microsoft Employee
Hi Team,
I’m working on setting up a Standard Logic App and encountering issues while creating workflows. I’ve disabled the “Allow storage account key access” setting on the associated storage account and intend to authenticate using a User-Assigned Managed Identity (UAMI) or System-Assigned Managed Identity (SAMI).
Below are the configuration settings I’ve added or updated in the Logic App’s application settings:
-
AzureWebJobsStorage__blobServiceUri
AzureWebJobsStorage__credentialType (set to managedIdentity)
AzureWebJobsStorage__managedIdentityResourceId
AzureWebJobsStorage__queueServiceUri
AzureWebJobsStorage__tableServiceUri
WEBSITE_NODE_DEFAULT_VERSION
WEBSITE_VNET_ROUTE_ALL
The UAMI has been assigned the following roles on the storage account:
Storage Blob Data Contributor
Storage Queue Data Contributor
Storage Table Data Contributor
Storage Blob Data Owner
Storage Account Contributor
Despite these configurations and permissions, I’m still encountering errors when trying to create or deploy workflows.
Could someone please advise if I’m missing any required permissions or configuration steps specific to storage access via managed identities in Standard Logic Apps?
Appreciate your support and insights.
Thanks, Utkarsh RaiHi Team,
I’m working on setting up a Standard Logic App and encountering issues while creating workflows. I’ve disabled the “Allow storage account key access” setting on the associated storage account and intend to authenticate using a User-Assigned Managed Identity (UAMI) or System-Assigned Managed Identity (SAMI).
Below are the configuration settings I’ve added or updated in the Logic App’s application settings:
AzureWebJobsStorage__blobServiceUri
AzureWebJobsStorage__credentialType (set to managedIdentity)
AzureWebJobsStorage__managedIdentityResourceId
AzureWebJobsStorage__queueServiceUri
AzureWebJobsStorage__tableServiceUri
WEBSITE_NODE_DEFAULT_VERSION
WEBSITE_VNET_ROUTE_ALL
The UAMI has been assigned the following roles on the storage account:
Storage Blob Data Contributor
Storage Queue Data Contributor
Storage Table Data Contributor
Storage Blob Data Owner
Storage Account Contributor
Despite these configurations and permissions, I’m still encountering access errors when trying to create or deploy workflows.
Error - System.Private.CoreLib: Access to the path 'C:\home\data\Functions\secrets\Sentinels' is denied.
Could someone please advise if I’m missing any required permissions or configuration steps specific to storage access via managed identities in Standard Logic Apps?
Appreciate your support and insights .
Azure Logic Apps
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 21%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKC%3C/text%3E%3C/svg%3E)
Krishna Chowdary Paricharla 2,075 Reputation points Microsoft External Staff Moderator2025-08-06T19:51:24.84+00:00 Hello Utkarsh Rai •,
You're getting the error
Access to the path 'C:\home\data\Functions\secrets\Sentinels' is denied, which is not directly caused by the managed identity or storage access settings, but by a file system access issue in the Logic App's runtime.Your storage settings and managed identity roles look correct, assuming:
- You're using
AzureWebJobsStorage__credentialType = managedIdentity - You’ve not set
managedIdentityResourceIdfor system-assigned identity - The UAMI/SAMI has data plane roles (e.g., Blob/Queue/Table Contributor) at the storage account level
The error likely comes from the Logic App runtime trying to write secrets locally and failing due to file system restrictions.
Recommendations to fix the issue:
- Add this setting to explicitly define a writable path:
"AzureFunctionsJobHost__SecretsPath": "D:\\home\\data\\Functions\\secrets"Ensure the App Service environment supports write access (especially if using custom containers or VNET). IfWEBSITE_VNET_ROUTE_ALL = 1, make sure the Logic App can reach Azure Instance Metadata Service (IMDS) and Storage endpoints. - Confirm the identity also has Reader role on the resource group (optional but helpful for full access.
- You're using
-
Krishna Chowdary Paricharla 2,075 Reputation points Microsoft External Staff Moderator
2025-08-07T00:53:11.36+00:00 Hello Utkarsh Rai •,
Thank you for posting your concern on Microsoft Q&A.
Could you please check the private message and provide the required details for troubleshooting the issue further.
Here is the reference link on how to access & data retention policy of private messages in Microsoft Q&A.
-
Krishna Chowdary Paricharla 2,075 Reputation points Microsoft External Staff Moderator
2025-08-07T23:50:12.8033333+00:00 Hello Utkarsh Rai •,
Just checking in to see if you've had a chance to review my previous response. Let me know if you have any additional questions
-
Krishna Chowdary Paricharla 2,075 Reputation points Microsoft External Staff Moderator
2025-08-09T02:39:14.9366667+00:00 Hello Utkarsh Rai •,
I wanted to follow up to see if you’ve had an opportunity to look over my earlier response. Please let me know if you have any further questions.
Sign in to comment
Sign in to answer