Managing Machine Connectivity Access
  • 23 May 2022
  • 2 Minutes to read
  • Contributors
  • Comments
  • Dark
    Light
  • PDF

Managing Machine Connectivity Access

  • Comments
  • Dark
    Light
  • PDF

#ServerlessTips - Power Automate
Author: Kent Weare Integration MVP

In a previous tip, we discussed how we can use the new Machine connectivity when calling Power Automate Desktop from our Cloud flow. As we learned, the experience is quite simple and can be setup quickly. However, for some organizations, they may want to restrict who can register a machine and limit what they can do with that machine.

By default, an Environment Maker can register a machine. This is the standard role that allows someone to make/build something in the Power Platform like creating a cloud flow. For some organizations, this may be too liberal of a permission and want to have some additional control.

Microsoft has included 3 out of box roles that provide organizations with more control. An administrator can assign these roles form the Power Platform Admin Center.
1-Roles

The specific permissions of these roles are represented below.
2-permissions

Let’s now explore what the impact to our experience is if we assign the Desktop Flows Machine User role to a person and remove the relevant machine permissions from the Environment Maker Role.

As an administrator, we can remove the default permissions from the security role.
4-update

For our user, we will assign the Desktop Flows Machine User security role.
5-UpdateRole

With our regular user logged into Power Automate Desktop, if we navigate to the Settings – Machine tab, we will see that we don’t have the rights to register our machine.
3-register

However, in our example, we want our user to be able to use this Machine, but just not manage it. What we can do is have an Administrator register the machine and then share it with our regular user from the Power Automate maker portal.
6-Share

If we now log back into PAD with our user, we should see that the machine is registered and available for our use.
7-readOnly

Similarly, if we log into the Power Automate maker portal as our user, we will see that we now have User access and can see that the administrator is the Owner of the machine.
8-Portal

Conclusion

Using Machine connectivity reduces the overhead of managing Power Automate Desktop and the On-premises data gateway. However, just because Machine connectivity is now embedded in Power Automate Desktop, it doesn’t mean that organizations don’t have governance controls. Using out of box roles, we can control what users are able to do as it pertains to Machine connectivity.


Was this article helpful?