We created 3 new environments:
BU Dev, BU Test - Sandbox
BU Prod - Production
For BU Test and BU Prod we are using 1 service account as the owner of all the workflows and apps. This is to prevent owners from modifying the apps and workflows in the test and prod environments.
Is this setup OK? Will we have issues later on if only 1 user is the owner of all the apps and workflows?
Please note that if the number of apps per department reaches the hundreds, we plan to create 1 test and 1 prod environment per dept. We'll create 1 service account per dept as well. But for now, since there are only a few apps across the company, we'll just have 1 test and 1 prod.
As long as you control access to that account, using a service account is a viable strategy. It also depends on the services that you are connecting to. For example, if you are using CDS, you should not have all flows connect to CDS using the same account, unless you want all records created by flow to be owned by the same account. In that case I would use a service principal to handle the login to CDS.
The other thing to think about is how to handle password changes for the service account. Try to use a non-expiring password because you don't want your flows to stop if the account password changes.
You might want to share the apps and flows with at least one other account in case something happens with the main account.
Thanks so much @jlindstrom!
We'll share the apps with the PowerApps administrators.
Is there a way I can allow flow logs to be viewed without making the users owners?
What worries me is if we have 100+ workflows and receive several requests to check workflow logs for failed workflows.
I'm not aware of a way to do that, but maybe configure run after logic so if there is an error it notifies someone or logs the error someplace where they can see it. https://crmtipoftheday.com/1359/whose-fault-is-it-in-power-automate/
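The run-after approach suggested in the last reply, sketched as an added example (not part of the original thread) in the workflow definition format that Power Automate flows are stored in. The action names `Try`, `Do_work`, `Catch`, `Filter_failed_actions`, `Compose_error_record` and `Mark_run_failed` are hypothetical; the `description` fields carry the notes because JSON has no comments.

```json
{
  "actions": {
    "Try": {
      "type": "Scope",
      "description": "Hypothetical name. The flow's real actions go inside this scope.",
      "runAfter": {},
      "actions": {
        "Do_work": {
          "type": "Compose",
          "description": "Constructed placeholder for the flow's real work.",
          "inputs": "placeholder",
          "runAfter": {}
        }
      }
    },
    "Catch": {
      "type": "Scope",
      "description": "Hypothetical name. Runs only when Try fails or times out.",
      "runAfter": { "Try": ["Failed", "TimedOut"] },
      "actions": {
        "Filter_failed_actions": {
          "type": "Query",
          "description": "Keeps only the actions inside Try that failed.",
          "inputs": {
            "from": "@result('Try')",
            "where": "@equals(item()?['status'], 'Failed')"
          },
          "runAfter": {}
        },
        "Compose_error_record": {
          "type": "Compose",
          "description": "Record to hand to a notification or logging action.",
          "inputs": {
            "flow": "@workflow()?['name']",
            "run": "@workflow()?['run']?['name']",
            "failedActions": "@body('Filter_failed_actions')"
          },
          "runAfter": { "Filter_failed_actions": ["Succeeded"] }
        },
        "Mark_run_failed": {
          "type": "Terminate",
          "description": "Keeps the run recorded as Failed after the error is handled.",
          "inputs": { "runStatus": "Failed" },
          "runAfter": { "Compose_error_record": ["Succeeded"] }
        }
      }
    }
  }
}
```

Between `Compose_error_record` and `Mark_run_failed`, add the connector action that sends or stores the record somewhere the requesting users can read, so they do not need owner rights on the flow. Without the final Terminate action, a run whose `Catch` scope succeeds is reported as Succeeded in run history.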