cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
mjbcruz
Advocate I
Advocate I

PowerApp Environment Administration

‎06-15-2020 02:04 AM

We created 3 new environments:
BU Dev, BU Test - Sandbox

BU Prod - Production

For the BU Test and BU Prod we are using 1 service account to be the owner of all the workflow and apps. This is to prevent owners from modifying the apps and workflows in the test and prod environments.  
Is this setup ok? Will we have issue later on if only 1 user is the owner of all the apps and workflows?

Please note that if the number of apps per departments reaches to hundreds, we plan to create 1 test and 1 prod environment per dept. We'll create 1 service account per dept as well. But for now since there's only a few apps across the company we'll just have 1 test and 1 prod.

Message 1 of 5
804 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
jlindstrom
MVP

‎06-15-2020 04:16 AM

As long as you control access to that account, using a service account is a viable strategy. It also depends on the services that you are connecting to. For example, if you are using CDS, you should not have all flows connect to CDS using the same account, unless you want all records created by flow to be owned by the same account. In that case I would use a service principal to handle the login to CDS.

 

The other thing to think about is how to handle password changes for the service account. Try to use a non-expiring password because you don't want your flows to stop if the account password changes.

 

You might want to share the apps and flows with at least one other account in case something happens with the main account.

View solution in original post

Message 2 of 5
798 Views
0 Kudos
4 REPLIES 4
jlindstrom
MVP

‎06-15-2020 04:16 AM

As long as you control access to that account, using a service account is a viable strategy. It also depends on the services that you are connecting to. For example, if you are using CDS, you should not have all flows connect to CDS using the same account, unless you want all records created by flow to be owned by the same account. In that case I would use a service principal to handle the login to CDS.

 

The other thing to think about is how to handle password changes for the service account. Try to use a non-expiring password because you don't want your flows to stop if the account password changes.

 

You might want to share the apps and flows with at least one other account in case something happens with the main account.

Message 2 of 5
799 Views
0 Kudos
mjbcruz
Advocate I
Advocate I
In response to jlindstrom

‎06-15-2020 07:40 AM

Thanks so much @jlindstrom !
We'll share the apps to the PowerApps administrators. 
Is there a way I can allow flow logs to be viewed without making the users as owners.  
What worries me is if we have like 100+ workflows and receiving several request to check workflow logs for failed workflows. 

Message 3 of 5
789 Views
0 Kudos
jlindstrom
MVP
In response to mjbcruz

‎06-16-2020 09:31 PM

I'm not aware of a way to do that, but maybe configure run after logic so if there is an error it notifies someone or logs the error in someplace where they can see it.  https://crmtipoftheday.com/1359/whose-fault-is-it-in-power-automate/

Message 4 of 5
772 Views
mjbcruz
Advocate I
Advocate I
In response to jlindstrom

‎06-17-2020 12:25 AM

Thanks @jlindstrom . 

Message 5 of 5
762 Views
0 Kudos

Helpful resources

Announcements
Power Apps News & Annoucements carousel

Power Apps News & Announcements

Keep up to date with current events and community announcements in the Power Apps community.

Power Apps Community Blog Carousel

Power Apps Community Blog

Check out the latest Community Blog from the community!

View All
Users online (5,389)