Solved: Cannot use Set-AdminFlowOwnerRole

aboodhamwi · ‎09-05-2019

Hi,

My user has global admin role, but once I'm trying to execute Set-AdminFlowOwnerRole I'm getting the error

Code        : Forbidden
Description : Forbidden
Error       :
Errors      :
Internal    : System.Net.HttpWebResponse

any ideas

aboodhamwi · ‎09-11-2019

The issue was, that flow is a solution aware flow, and you cannot change the owner of it

View solution in original post

v-monli-msft · ‎09-06-2019

Hi @aboodhamwi ,

Check if this helps:

https://www.powershellgallery.com/packages/Microsoft.PowerApps.Administration.PowerShell/2.0.1/Conte...

function Set-AdminFlowOwnerRole
{
<#
.SYNOPSIS
sets owner permissions to the flow.
.DESCRIPTION
The Set-AdminFlowOwnerRole set up permission to flow depending on parameters.
Use Get-Help Set-AdminFlowOwnerRole -Examples for more detail.
.PARAMETER EnvironmentName
Limit app returned to those in a specified environment.
.PARAMETER FlowName
Specifies the flow id.
.PARAMETER RoleName
Specifies the access level for the user on the flow; CanView or CanEdit
.PARAMETER PrincipalType
Specifies the type of principal that is being added as an owner; User or Group (security group)
.PARAMETER PrincipalObjectId
Specifies the principal object Id of the user or security group.
.EXAMPLE
Set-AdminFlowOwnerRole -PrincipalType Group -PrincipalObjectId b049bf12-d56d-4b50-8176-c6560cbd35aa -RoleName CanEdit -FlowName 1ec3c80c-c2c0-4ea6-97a8-31d8c8c3d488 -EnvironmentName Default-55abc7e5-2812-4d73-9d2f-8d9017f8c877
Add the specified security group as an owner fo the flow with name 1ec3c80c-c2c0-4ea6-97a8-31d8c8c3d488
#>
[CmdletBinding(DefaultParameterSetName="User")]
param
(
[Parameter(Mandatory = $true, ParameterSetName = "User", ValueFromPipelineByPropertyName = $true)]
[string]$FlowName,

[Parameter(Mandatory = $true, ParameterSetName = "User", ValueFromPipelineByPropertyName = $true)]
[string]$EnvironmentName,

[Parameter(Mandatory = $true, ParameterSetName = "User")]
[ValidateSet("User", "Group")]
[string]$PrincipalType,

[Parameter(Mandatory = $true, ParameterSetName = "User")]
[ValidateSet("CanView", "CanEdit")]
[string]$RoleName,

[Parameter(Mandatory = $true, ParameterSetName = "User")]
[string]$PrincipalObjectId = $null,

[Parameter(Mandatory = $false, ParameterSetName = "User")]
[string]$ApiVersion = "2016-11-01"
)

process
{
$userOrGroup = Get-UsersOrGroupsFromGraph -ObjectId $PrincipalObjectId
$PrincipalDisplayName = $userOrGroup.DisplayName
$PrincipalEmail = $userOrGroup.Mail

$route = "https://{flowEndpoint}/providers/Microsoft.ProcessSimple/scopes/admin/environments/{environment}/flows/{flowName}/modifyPermissions?api-version={apiVersion}" `
| ReplaceMacro -Macro "{flowName}" -Value $FlowName `
| ReplaceMacro -Macro "{environment}" -Value (ResolveEnvironment -OverrideId $EnvironmentName);

#Construct the body
$requestbody = $null

$requestbody = @{
put = @(
@{
properties = @{
principal = @{
email = $PrincipalEmail
id = $PrincipalObjectId
type = $PrincipalType
displayName = $PrincipalDisplayName
}
roleName = $RoleName
}
}
)
}

$result = InvokeApi -Method POST -Route $route -Body $requestbody -ApiVersion $ApiVersion

CreateHttpResponse($result)
}
}

Regards,

Mona

Community Support Team _ Mona Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

aboodhamwi · ‎09-11-2019

The issue was, that flow is a solution aware flow, and you cannot change the owner of it

View solution in original post

Cannot use Set-AdminFlowOwnerRole

Re: Cannot use Set-AdminFlowOwnerRole

Re: Cannot use Set-AdminFlowOwnerRole

Re: Cannot use Set-AdminFlowOwnerRole

Helpful resources

Demo-Extravaganza 2020

Robotic Process Automation

Community Highlights

Community User Group Member Badges