The minimal permission we need in the Logic App is the Send permission over the emailqueue queue. As mentioned, we want to assign the policy to the emailqueue queue rather than the entire namespace to limit the scope of access permissions to the minimum required.
To create the access policy for the Logic App, execute the following steps:
- To create a new, emailqueue-specific Send policy for the Logic App, navigate to Service Bus Namespace -> Queues -> emailqueue -> Shared Access Policies.
- Click on Add and enter the policy name, EmailQueueSendPolicy, and check the Send permission only.
- After the policy is created, to copy the connection string, navigate to Queues -> emailqueue -> Shared Access Policies ...