Solved: Re: Environments and Model Driven Apps - grant acc...

Brice235i · ‎08-26-2020

Hi, we have a large support team and hoping to give them access to environments and model driven apps via Security group but this doesn't seem possible. Seems we can only add one-by-one. I don't want to make them all Power Platform Administrators. Wondering if anyone has any ideas. It is taking forever to grant access one-by-one.

I can't see any Powershell commands to assist either.

Thank you.

Brice235i · ‎08-27-2020

Hello Sik, I read this, but I don't think I want to associate the support team with the environment as this will restrict access to the support team only?

I ended up creating an Owner Team for the environments - Team Type AAD Security Group. Not sure if I'm on the right track. I read about this here: https://docs.microsoft.com/en-us/power-platform/admin/manage-teams

View solution in original post

GarryPope · ‎08-26-2020

Hello @Brice235i,

I hope all is well. Where I work, we associate Power Platform environments with specific Security Groups and never have a problem. This link gives some information about this.

Reply back if you need more information and maybe someone else can help.

Regarding assigning Security Groups to model-driven apps, we haven't done this. We've assigned then to CDS Security Roles, so I couldn't say if this is possible or not. If I was going to guess, I'd say no. Here is a link about sharing model-driven apps with Security Roles.

Thanks very much,

Garry

v-siky-msft · ‎08-27-2020

Hi @Brice235i ,

You can associate a security group with a Common Data Service environment, and then users with Common Data Service licenses that are members of the environment security group will be created as users in the Common Data Service environment.

Then next step is to assign security roles to all users. Try to multi-select all users to assign security roles in bulk.

Reference: Control user access to environments: security groups and licenses ,

Hi @Brice235i ,

You can associate a security group with a Common Data Service environment, and then users with Common Data Service licenses that are members of the environment security group will be created as users in the Common Data Service environment.

Then next step is to assign security roles to all users. Try to multi-select all users to assign security roles in bulk.

Reference: Control user access to environments: security groups and licenses Assign a security role to a user

Hope this helps.

Sik

Hope this helps.

Sik

Brice235i · ‎08-27-2020

Thank you Garry! I did read that, but I thought it would be restricting the environment to just that security group. I'll take another look.

Regards,

Nicolle.

Brice235i · ‎08-27-2020

Hello Sik, I read this, but I don't think I want to associate the support team with the environment as this will restrict access to the support team only?

I ended up creating an Owner Team for the environments - Team Type AAD Security Group. Not sure if I'm on the right track. I read about this here: https://docs.microsoft.com/en-us/power-platform/admin/manage-teams

v-siky-msft · ‎08-27-2020

Hi @Brice235i ,

Yes, you are right. Azure AD Group Team may be more appropriate. Not only can it control access to the environment based on Azure AD group membership, but users within the group can also automatically inherit the security roles assigned to the group. This is great.

Sik

Environments and Model Driven Apps - grant access via Security Group?

Helpful resources

Power Apps News & Announcements

Introducing the Community Calls Conversations

Power Apps Community Blog