cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
MarkPP
Helper II
Helper II

Managing environment permissions with Security/Office Groups

I have a scenario where i want to be able to manage some roles in an environment/s via a security/office group. I believe the way this is done is by creating a Team in the back-end of the environment and then configuring it to use the security / office group. Once you have created the team you can then assign the security role for that team. However, after setting this up it doesn’t seem to have done anything (I have waited days). It doesn't look to have synced the members as although users have been added to the AAD Group they aren’t appearing as members in the team inside the environment. If the users in the Security/Office group go to Power Apps they don't see the environment either.

 

I am pulling my hair out so assuming i have done something wrong.

1 ACCEPTED SOLUTION

Accepted Solutions

@MarkPP   

All your steps are on the right way, but they are special administrator's security roles, it can only be assigned to users directly.

The explanation for both security roles is in the article I shared. 

As an alternative workaround, you can go to copy the 'System Administrator and Environment Maker' security roles, and try to set copies to Group.

 

Snipaste_2020-01-31_17-33-46.pngSnipaste_2020-01-31_17-55-04.png

 

View solution in original post

3 REPLIES 3
v-siky-msft
Community Support
Community Support

@MarkPP,

 

Could you please share the detailed steps about how did you do that?

Which security role did you assign to the Team?

If 'System Administrator and Environment Maker security roles' are assigned to Group teams, team members get the team privileges only and won't have any direct/inherited privileges. Team members won't be able to perform all the system administrator and environment maker functions. In addition they won't be able to see the list of all the environments in their tenant.

Reference: https://docs.microsoft.com/en-us/power-platform/admin/manage-teams#edit-a-group-team 

Sik

@v-siky-msft Thanks. Please see the steps below

 

Go to https://admin.powerplatform.microsoft.com/environments > Select the environment you want to use > Settings > Under Users and Permissions select 'Teams'

 

Select New and populate the following fields:

Team Name

Administrator

Team Type > AAD Office Group

Azure AD Object Id for a group > Object Id of group

 

Select Save

 

Once Saved select Manage Roles > I was choosing either System Administrator or Environment Maker

 

From your statement it seems to imply that you cannot assign Environment Maker or System Administrator using a security group. Does that mean the Microsoft - Establishing an environment strategy article refer to something else when referring to security groups? https://powerapps.microsoft.com/en-us/blog/establishing-an-environment-strategy-for-microsoft-power-...

 

SecurityGroups.png

The environment strategy article (Link above) suggests that the Project dev security group are environment makers. Is it a case that what they are referring to is environments which don't have a CDS database? That way you can assign a security group to that role? If that is the case it would be good to point it out so it is clear. The same article also states

 

Share resources with Azure AD Security Groups
Security Groups can be used to manage access to PowerApps, Flows, Common Data Service security roles

 

Are the Environment Maker and System Administrator roles not considered as Common Data Service security roles?

 

Thanks for your help.

@MarkPP   

All your steps are on the right way, but they are special administrator's security roles, it can only be assigned to users directly.

The explanation for both security roles is in the article I shared. 

As an alternative workaround, you can go to copy the 'System Administrator and Environment Maker' security roles, and try to set copies to Group.

 

Snipaste_2020-01-31_17-33-46.pngSnipaste_2020-01-31_17-55-04.png

 

View solution in original post

Helpful resources

Announcements
PA_User Group Leader_768x460.jpg

Manage your user group events

Check out the News & Announcements to learn more.

Power Query PA Forum 768x460.png

Check it out!

Did you know that you can visit the Power Query Forum in Power BI and now Power Apps

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

PowerPlatform 768x460.png

Microsoft Learn

Check out our new Discover Your Career Path blog post series and get all the details.

Users online (2,449)