Managing Machine Connectivity Access
In a previous tip, we discussed how we can use the new Machine connectivity when calling Power Automate Desktop from our Cloud flow. As we learned, the experience is quite simple and can be set up quickly. However, some organizations may want to restrict who can register a machine and limit what they can do with that machine.
By default, an Environment Maker can register a machine. This is the standard role that allows someone to make/build something in the Power Platform, like creating a cloud flow. For some organizations, this permission may be too liberal, and they may want some additional control.
Microsoft has included 3 out-of-box roles that provide organizations with more control. An administrator can assign these roles from the Power Platform Admin Center.
The specific permissions of these roles are represented below.
Let’s now explore the impact on our experience if we assign the Desktop Flows Machine User role to a person and remove the relevant machine permissions from the Environment Maker Role.
As an administrator, we can remove the default permissions from the security role.
For our user, we will assign the Desktop Flows Machine User security role.
With our regular user logged into Power Automate Desktop, if we navigate to the Settings – Machine tab, we will see that we don’t have the rights to register our machine.
However, in our example, we want our user to be able to use this Machine, but just not manage it. What we can do is have an Administrator register the machine and then share it with our regular user from the Power Automate maker portal.
If we now log back into PAD with our user, we should see that the machine is registered and available for our use.
Similarly, if we log into the Power Automate maker portal as our user, we will see that we now have User access and can see that the administrator is the Owner of the machine.
Using Machine connectivity reduces the overhead of managing Power Automate Desktop and the On-premises data gateway. However, just because Machine connectivity is now embedded in Power Automate Desktop, it doesn’t mean that organizations don’t have governance controls. Using out of box roles, we can control what users are able to do as it pertains to Machine connectivity.