User_Accounts_Access_PowerPlatform

User_Accounts_Access_PowerPlatform

 

User_Accounts_Access_PowerPlatform


Use Case:

Providing users with necessary access to Power Apps is one of the common and most critical job of the environment administrator. While CoE toolkits offers scripts for user control and access management programmatically, this blog is to provide details around the “places” to look out for providing user with necessary access.

Account Settings:

User account will be managed in many places depends on the type of instance, environment and Power App. Below are some of the most common places to look for user rights:

  • Office 365 Account
  • Power Platform License Access to Users
  • Power Apps Shared to User
  • Power Apps App plan to user account
  • Power Pages, Power Virtual Agent and Copilot Studio
  • Dataverse Access if the app uses dataverse DB and/or D365 Apps
  • Dynamics 365 Admin
  • Azure User Accounts
  • SharePoint Doc Library / List Access
  • Power BI / Synapse / Fabric
  • TEAMS Power App

Third Pary Account Settings:

If the apps has backend integration to systems such as SAP, SFDC, JIRA, Service Now and other 3rd party apps either via accounts or API, necessary user access should be granted.

  • Custom Connector: If the customer connector is used for user activities, make sure the user has access to the connector.
  • On-Prem Gateway: This will be required for on-prem / legacy system integration and for service accounts not necessarily for users.

Office 365 Account Management:
 
User_Accounts_Access_PowerPlatform

Under Users section, you will have the details of users who has necessary license and access to apps.

User_Accounts_Access_PowerPlatform

User_Accounts_Access_PowerPlatform

Click on Manage product licenses → Enable/Disable license for users.

User_Accounts_Access_PowerPlatform
Power Apps User Account:

User_Accounts_Access_PowerPlatform

  • In the space marked above, add the users and share the App.
  • Do note, if the app has sharepoint or dataverse or connector or other M365 connected to it, you will need to provide user access to those systems as well.

Dynamics 365 Security Roles at Power Platform Administration Page:

User_Accounts_Access_PowerPlatform

User_Accounts_Access_PowerPlatform

Navigate to Users + Permissions:

User_Accounts_Access_PowerPlatform

  • In this page you can manage user roles, rights, duties, privileges and also create customer security roles based on use cases.
  • Do note, there are several built-in security roles to utilize. Recommendation is to use OOB roles as required and customize only if its required.
  • Managing many customer roles and rights will be difficult in an enterprise environment.

User_Accounts_Access_PowerPlatform

Azure User Management:

  • When azure services are used in the context of power platform, for ex: Apps insights, pay-as-you-go model, AI Services, Data services and others – it is necessary to ensure the appropriate access are provided via azure portal.
  • Click User to view the access and modify as required

User_Accounts_Access_PowerPlatform

User_Accounts_Access_PowerPlatform

M365 Access:

In most cases, simple power apps utilizes SharePoint List as data source and integrated with Power BI and the app is made either as standalone Power Apps or TEAMS power Apps. Ensure the user access is provided to these apps as required.

User_Accounts_Access_PowerPlatform

Power Page Access:

Power Virtual Agent / Chatbot:

Share a bot for chat

Bot makers that you’ve shared your bot with for collaborative authoring will always have permission to chat with the bot. However, you can also grant users permission to chat with the bot without granting them authoring permissions.

To grant users permission to only chat with the bot, you can either:

  • Share your bot with a security group.
  • Share your bot with everyone in your organization.

Share bot with security groups

You can share your bot with security groups so their members can chat with the bot.

    1. Select Share at the top of the bot’s overview page.

User_Accounts_Access_PowerPlatform

    1. Specify the security group name that you would like to share the bot with.

Note

When sharing a bot for chat, you can only share a bot with security groups. You can’t share it with:

      • Microsoft 365 groups.
      • Individual users directly. To manage individual user access, add or remove users from the security group.

User_Accounts_Access_PowerPlatform

    1. Review the security group’s permission

User_Accounts_Access_PowerPlatform

    1. If you want to let users know you’ve shared the bot with them, select the Send an email invitation to new users check box.

Note

Only security groups with email enabled will receive an email invitation. You can copy the link for the Demo website and share it with users directly so they can chat with the bot.

  1. Select Share to share the bot with the new security groups.

Share bot with everyone in the organization

You can share your bot to allow everyone in the same organization the bot to chat with it.

    1. Select Share at the top of the bot’s overview page.
    2. Select Everyone in your organization’s name.
    3. Select User – can use the bot option.

User_Accounts_Access_PowerPlatform

Note

Microsoft Copilot Studio will not send email invitations to everyone in the organization. You can copy the link for the Demo website and share it with users directly so they can chat with the bot.

    1. Select Share to share the bot with everyone in the organization.

Stop sharing bot

You can stop sharing the bot with a security group or everyone in your organization.

Stop sharing with a security group

      1. Select Share at the top of the bot’s overview page.
      2. Select X next to the security groups that you want to stop sharing the bot with.

User_Accounts_Access_PowerPlatform

      1. Select Share to stop sharing the bot with the security groups.

Stop sharing with everyone in the organization

      1. Select Share on the bot’s overview page.
      2. Select Everyone in your organization’s name.
      3. Select None option.

User_Accounts_Access_PowerPlatform

    1. Select Share to stop sharing the bot with everyone in the organization.
    2. Select Share to stop sharing the bot with everyone in the organization.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *