Using Power Platform Admin Role
    • Dark
      Light
    • PDF

    Using Power Platform Admin Role

    • Dark
      Light
    • PDF

    Article Summary

    Historically, there were challenges balancing the right level of access for administrative actions within the Power Platform. Generally, there were two roles in the Power Platform that you could have

    • Maker
    • Administrator

    The Maker role is for end users who want to make apps and flows within Power Platform environments. As we break down the administrator role, there were two ‘flavors’ of the administrator role

    • Environment administrator
    • Tenant administrator

    The Environment administrator role had administrative permissions over a specific environment. This was adequate permissions for many aspects of managing the Power Platform, but only for a specific environment.

    Alternatively, using the Tenant administrator role, now known as the Microsoft 365 Global admin role, provided full administrative permissions for the Power Platform, but also for other services in the Microsoft ecosystem. For many organizations, they were reluctant to provide this role to people who were only interested in managing the Power Platform.

    Recently, Microsoft introduced a new role that is found within the Microsoft 365 admin center that allows a person to have full administrative privileges for the Power Platform, but without having the Microsoft 365 Global admin role. This role is suitably called the Power Platform administrator role. This role can manage the following areas of the Power Platform, including

    • Environments
      o Creation
      o Backup and restore
      o Copy

    • Analytics
      o Capacity
      o Common Data Service
      o Power Automate
      o Power Apps

    • Help + support
      o Create and access support requests

    • Data integration
      o Create new project and connection sets

    • Data gateways
      o View Gateways

    • Data Loss Prevention
      o View and manage tenant policies
      o View and manage environment policies

    • Management Connectors
      o Execute actions based upon environment and tenant scopes

    To assign a user the Power Platform administrator role, a Microsoft 365 Global Admin can assign this role from the Microsoft 365 admin center by

    • Navigating to the Active users experience, select the user who you would like to become a Power Platform administrator and click Manage roles.

    1-users

    • Expand the Show all by category dropdown and then select Power Platform admin. Click Save changes to complete the assignment.

    2-role

    We can now log into the Power Platform admin center with this user and we will discover that we can access administrative features like Analytics.

    3-analytics

    Conclusion

    This new Power Platform administrator role is important as it aligns with the principle of least privilege. In this context, providing tenant admin to administer the Power Platform is too much. But, only providing environment admin is either cumbersome to manage or you don’t end up providing enough holistic access to manage your Power Platform assets in the tenant. Every organization should be using this new role.


    Was this article helpful?