I have a scenario where I want to be able to manage some roles in an environment/s via a security/office group. I believe the way this is done is by creating a Team in the back-end of the environment and then configuring it to use the security / office group. Once you have created the team you can then assign the security role for that team. However, after setting this up it doesn’t seem to have done anything (I have waited days). It doesn't look to have synced the members, as although users have been added to the AAD Group they aren’t appearing as members in the team inside the environment. If the users in the Security/Office group go to Power Apps they don't see the environment either.
I am pulling my hair out, so I am assuming I have done something wrong.
Could you please share the detailed steps of how you did that?
Which security role did you assign to the Team?
If 'System Administrator and Environment Maker security roles' are assigned to Group teams, team members get the team privileges only and won't have any direct/inherited privileges. Team members won't be able to perform all the system administrator and environment maker functions. In addition, they won't be able to see the list of all the environments in their tenant.
Reference: https://docs.microsoft.com/en-us/power-platform/admin/manage-teams#edit-a-group-team
Sik
@v-siky-msft Thanks. Please see the steps below:

1. Go to https://admin.powerplatform.microsoft.com/environments > Select the environment you want to use > Settings > Under Users and Permissions select 'Teams'
2. Select New and populate the following fields:
   - Team Name
   - Administrator
   - Team Type > AAD Office Group
   - Azure AD Object Id for a group > Object Id of group
3. Select Save
4. Once Saved select Manage Roles > I was choosing either System Administrator or Environment Maker
From your statement it seems to imply that you cannot assign Environment Maker or System Administrator using a security group. Does that mean the Microsoft 'Establishing an environment strategy' article refers to something else when referring to security groups? https://powerapps.microsoft.com/en-us/blog/establishing-an-environment-strategy-for-microsoft-power-...
The environment strategy article (Link above) suggests that the Project dev security group are environment makers. Is it a case that what they are referring to is environments which don't have a CDS database? That way you can assign a security group to that role? If that is the case it would be good to point it out so it is clear. The same article also states:

> Share resources with Azure AD Security Groups
> Security Groups can be used to manage access to PowerApps, Flows, Common Data Service security roles

Are the Environment Maker and System Administrator roles not considered as Common Data Service security roles?
Thanks for your help.
All your steps are on the right track, but these are special administrator security roles; they can only be assigned to users directly.
The explanation for both security roles is in the article I shared.
As an alternative workaround, you can copy the 'System Administrator and Environment Maker' security roles, and try to set the copies to the Group.