cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
mjbcruz
Advocate I
Advocate I

PowerApp Environment Administration

We created 3 new environments:
BU Dev, BU Test - Sandbox

BU Prod - Production

For the BU Test and BU Prod we are using 1 service account to be the owner of all the workflow and apps. This is to prevent owners from modifying the apps and workflows in the test and prod environments.  
Is this setup ok? Will we have issue later on if only 1 user is the owner of all the apps and workflows?

Please note that if the number of apps per departments reaches to hundreds, we plan to create 1 test and 1 prod environment per dept. We'll create 1 service account per dept as well. But for now since there's only a few apps across the company we'll just have 1 test and 1 prod.

1 ACCEPTED SOLUTION

Accepted Solutions

As long as you control access to that account, using a service account is a viable strategy. It also depends on the services that you are connecting to. For example, if you are using CDS, you should not have all flows connect to CDS using the same account, unless you want all records created by flow to be owned by the same account. In that case I would use a service principal to handle the login to CDS.

 

The other thing to think about is how to handle password changes for the service account. Try to use a non-expiring password because you don't want your flows to stop if the account password changes.

 

You might want to share the apps and flows with at least one other account in case something happens with the main account.

View solution in original post

4 REPLIES 4

As long as you control access to that account, using a service account is a viable strategy. It also depends on the services that you are connecting to. For example, if you are using CDS, you should not have all flows connect to CDS using the same account, unless you want all records created by flow to be owned by the same account. In that case I would use a service principal to handle the login to CDS.

 

The other thing to think about is how to handle password changes for the service account. Try to use a non-expiring password because you don't want your flows to stop if the account password changes.

 

You might want to share the apps and flows with at least one other account in case something happens with the main account.

View solution in original post

Thanks so much @jlindstrom !
We'll share the apps to the PowerApps administrators. 
Is there a way I can allow flow logs to be viewed without making the users as owners.  
What worries me is if we have like 100+ workflows and receiving several request to check workflow logs for failed workflows. 

I'm not aware of a way to do that, but maybe configure run after logic so if there is an error it notifies someone or logs the error in someplace where they can see it.  https://crmtipoftheday.com/1359/whose-fault-is-it-in-power-automate/

Thanks @jlindstrom . 

Helpful resources

Announcements
PA_User Group Leader_768x460.jpg

Manage your user group events

Check out the News & Announcements to learn more.

Power Query PA Forum 768x460.png

Check it out!

Did you know that you can visit the Power Query Forum in Power BI and now Power Apps

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

PowerPlatform 768x460.png

Microsoft Learn

Check out our new Discover Your Career Path blog post series and get all the details.

Users online (1,745)