I'm writing this topic to better understand the use of Connection References in terms of security/licensing (I get the concept of the utility).
I'm currently busy with my customer, who works exclusively with a "low code" approach, and there are a lot of small apps (model-driven or canvas apps) to do. In other words, we have a lot of different solutions which have a lot of Power Automates...
At the beginning, the connection reference was set up with a personal account of someone on the team. Ofc, we quickly understood the maintainability and security problems with a configuration like that. So now we are trying to put in place a more secure and OOB approach for these connection references.
- For the "Dataverse steps" (inside the Power Automate), it's "easy" because we created some application users in Azure/Dataverse (one for each app and for each env., with a dedicated security role to avoid working with an application user which is "Admin"), so it seems OK (from our point of view).
- For the "SharePoint steps", if I follow the logic from the "Dataverse steps", I should create one technical user for each of my apps (by env.) to be sure that I don't create a single technical user which is owner of all of my SharePoint sites. That way, I have segregation of the database stored in the SharePoint sites (so it's more secure...).
Any advice/remark is more than welcome here 🙂
- And I did this for each type of step inside my Power Automate (when it's justified, ofc).
For example, the steps which are linked to a shared mailbox will be linked to the technical user of the shared mailbox, etc.
Another reflection (which is directly linked to the previous one) is about the licensing to use when we use different technical users (behind the connection reference) within the Power Automate.
For example, I have an app called "Lunch order". For this app, I have a Power Automate which:
- Creates a record in a table in Dataverse
- Populates a Microsoft Word template (from a template present on the SharePoint site)
- Stores the Microsoft Word document (which has been edited from the template) in a folder present in the SharePoint site
So, I have 2 application/technical users dedicated to 2 connection references for this Power Automate:
1) "TechUser_Sharepoint_PRD" which has the adequate privilege on the target SharePoint site
2) "AppUser_Dataverse_PRD" which has the adequate security role on the right env. of Dataverse (and where no licence is required...)
- Must "TechUser_Sharepoint_PRD" have an Office (E1, E3 or E5) licence because it is linked to a SharePoint step?
- Must "TechUser_Sharepoint_PRD" have a Dynamics licence because it is linked to a Word step (which is a premium connector)?
Sorry if this has already been asked and answered (I can't find anything about this topic); it's very unclear to me here 😕