Merge pull request #271944 from ecfan/patch-1

prmerger-automator[bot] · web-flow · commit ec609fde024c · 2024-04-11T21:39:42.000Z
Clarify restrictions on using a managed identity with Service Bus connector
diff --git a/articles/connectors/connectors-create-api-servicebus.md b/articles/connectors/connectors-create-api-servicebus.md
@@ -5,7 +5,7 @@ services: logic-apps
 ms.suite: integration
 ms.reviewer: estfan, azla
 ms.topic: how-to
-ms.date: 02/28/2024
+ms.date: 04/11/2024
 ms.custom: engagement-fy23
 ---
 
@@ -52,9 +52,13 @@ The Service Bus connector has different versions, based on [logic app workflow t
 
 * If your logic app resource uses a managed identity for authenticating access to your Service Bus namespace and messaging entity, make sure that you've assigned role permissions at the corresponding levels. For example, to access a queue, the managed identity requires a role that has the necessary permissions for that queue.
 
-  Each managed identity that accesses a *different* messaging entity should have a separate connection to that entity. If you use different Service Bus actions to send and receive messages, and those actions require different permissions, make sure to use different connections.
+  * Each logic app resource should use only one managed identity, even if the logic app's workflow accesses different messaging entities.
 
-  For more information about managed identities, review [Authenticate access to Azure resources with managed identities in Azure Logic Apps](../logic-apps/create-managed-service-identity.md).
+  * Each managed identity that accesses a queue or topic subscription should use its own Service Bus API connection.
+
+  * Service Bus operations that exchange messages with different messaging entities and require different permissions should use their own Service Bus API connections.
+
+  For more information about managed identities, see [Authenticate access to Azure resources with managed identities in Azure Logic Apps](../logic-apps/create-managed-service-identity.md).
 
 * By default, the Service Bus built-in connector operations are *stateless*. To run these operations in stateful mode, see [Enable stateful mode for stateless built-in connectors](../connectors/enable-stateful-affinity-built-in-connectors.md).
 
