cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
mjbcruz
Advocate I
Advocate I

PowerApp Environment Administration

We created 3 new environments:
BU Dev, BU Test - Sandbox

BU Prod - Production

For the BU Test and BU Prod we are using 1 service account to be the owner of all the workflow and apps. This is to prevent owners from modifying the apps and workflows in the test and prod environments.  
Is this setup ok? Will we have issue later on if only 1 user is the owner of all the apps and workflows?

Please note that if the number of apps per departments reaches to hundreds, we plan to create 1 test and 1 prod environment per dept. We'll create 1 service account per dept as well. But for now since there's only a few apps across the company we'll just have 1 test and 1 prod.

1 ACCEPTED SOLUTION

Accepted Solutions

As long as you control access to that account, using a service account is a viable strategy. It also depends on the services that you are connecting to. For example, if you are using CDS, you should not have all flows connect to CDS using the same account, unless you want all records created by flow to be owned by the same account. In that case I would use a service principal to handle the login to CDS.

 

The other thing to think about is how to handle password changes for the service account. Try to use a non-expiring password because you don't want your flows to stop if the account password changes.

 

You might want to share the apps and flows with at least one other account in case something happens with the main account.

View solution in original post

4 REPLIES 4

As long as you control access to that account, using a service account is a viable strategy. It also depends on the services that you are connecting to. For example, if you are using CDS, you should not have all flows connect to CDS using the same account, unless you want all records created by flow to be owned by the same account. In that case I would use a service principal to handle the login to CDS.

 

The other thing to think about is how to handle password changes for the service account. Try to use a non-expiring password because you don't want your flows to stop if the account password changes.

 

You might want to share the apps and flows with at least one other account in case something happens with the main account.

Thanks so much @jlindstrom !
We'll share the apps to the PowerApps administrators. 
Is there a way I can allow flow logs to be viewed without making the users as owners.  
What worries me is if we have like 100+ workflows and receiving several request to check workflow logs for failed workflows. 

I'm not aware of a way to do that, but maybe configure run after logic so if there is an error it notifies someone or logs the error in someplace where they can see it.  https://crmtipoftheday.com/1359/whose-fault-is-it-in-power-automate/

Thanks @jlindstrom . 

Helpful resources

Announcements
Power Apps News & Annoucements carousel

Power Apps News & Announcements

Keep up to date with current events and community announcements in the Power Apps community.

Power Apps Community Blog Carousel

Power Apps Community Blog

Check out the latest Community Blog from the community!

Users online (5,389)