Using Power Platform Admin Role
Historically, there were challenges balancing the right level of access for administrative actions within the Power Platform. Generally, there were two roles in the Power Platform that you could have
The Maker role is for end users who want to make apps and flows within Power Platform environments. As we break down the administrator role, there were two ‘flavors’ of the administrator role
• Environment administrator
• Tenant administrator
The Environment administrator role had administrative permissions over a specific environment. This was adequate permissions for many aspects of managing the Power Platform, but only for a specific environment.
Alternatively, using the Tenant administrator role, now known as the Microsoft 365 Global admin role, provided full administrative permissions for the Power Platform, but also for other services in the Microsoft ecosystem. For many organizations, they were reluctant to provide this role to people who were only interested in managing the Power Platform.
Recently, Microsoft introduced a new role that is found within the Microsoft 365 admin center that allows a person to have full administrative privileges for the Power Platform, but without having the Microsoft 365 Global admin role. This role is suitably called the Power Platform administrator role. This role can manage the following areas of the Power Platform, including
o Backup and restore
o Common Data Service
o Power Automate
o Power Apps
Help + support
o Create and access support requests
o Create new project and connection sets
o View Gateways
Data Loss Prevention
o View and manage tenant policies
o View and manage environment policies
o Execute actions based upon environment and tenant scopes
To assign a user the Power Platform administrator role, a Microsoft 365 Global Admin can assign this role from the Microsoft 365 admin center by
• Navigating to the Active users experience, select the user who you would like to become a Power Platform administrator and click Manage roles.
• Expand the Show all by category dropdown and then select Power Platform admin. Click Save changes to complete the assignment.
We can now log into the Power Platform admin center with this user and we will discover that we can access administrative features like Analytics.
This new Power Platform administrator role is important as it aligns with the principle of least privilege. In this context, providing tenant admin to administer the Power Platform is too much. But, only providing environment admin is either cumbersome to manage or you don’t end up providing enough holistic access to manage your Power Platform assets in the tenant. Every organization should be using this new role.