ericonline
Community Champion

Possible to implement CoE as an AAD Group instead of an individual?

I'm interested in standing up the PowerPlatform Center of Excellence, but rather than import the Solutions as myself, I'd like to use an Azure Security Group.

Rationale: We've had two people stand up some form or another of the CoE, and not maintain them, then leave our org so they are in varying states of disrepair.

Rather than worry about a single owner of the CoE and all associated connections (though "connections" may be a different discussion altogether), I'd like to use a Security Group and manage ownership that way.

Is this possible? If so, what specific permissions does the Security Group need?

Accepted Solution
EricRegnier
Super User

Hi @ericonline,

It shouldn't matter who provisions the CoE environment and installs the solutions. The issue you're having is with the connection references and their connections, which for most of them (e.g. Dataverse) you can set up with a service principal (SPN). This is best practice and shouldn't be configured with a user account; at a minimum use a service account and not a user account. Connection References are a little clunky, but Microsoft enhancements are coming; see below the steps to configure them properly.

To set up your connections, create them in make.powerapps.com --> Data --> Connections. The Dataverse connection is a little tricky; to set it up with an SPN you'll need to:

  1. Create a dummy flow and pick any type of Dataverse action/trigger.
  2. Click the ellipses on the action and "New connection reference".
     [screenshot: EricRegnier_2-1620636671153.png]
  3. Click "Connect with Service Principal".
     [screenshot: EricRegnier_4-1620636706371.png]
  4. Don't forget to delete the dummy flow and dummy connection reference 🙂

Once connections are set up, create a new solution in the target environment, add all the connection references from the CoE solution (because you can't edit them from the CoE solutions) and bind the newly created connections to them.

Hope this helps!


5 REPLIES
cchannon
Super User

@ericonline I don't have a good answer for you yet, but I like your questions, so let's give this a shot.

So when you say, "...not maintain them... varying states of disrepair..." what exactly are you referring to? Are you saying that these folks who installed the solutions somehow failed to share them with others, so when they left no one was holding the keys?

I am going to take a guess here and say that we're probably in that same canvas-only world you talked about before, and maybe what's going on here is just a disconnect about permissions. You probably don't need to install these solutions as some kind of special identity; you just need to make sure that lots of people have appropriate permissions to access and maintain them. Let me know if it sounds like I'm getting warm here.

ericonline
Community Champion

Hi @cchannon, thank you for the continued dialog (and nice to meet you 🙂).

So we have at least 2 CoEs in different Environments in varying states of completeness, set up by people who have left the org. When I view the "CoE Dashboard" app (the only Model-driven app in the org), the data is very stale, likely because when these folks left, the Flows that feed CoE had failed Connections.

Might also be because they didn't update the CoE and something "broke". The CoE has had MANY official updates in the past year or so.

We want to implement a CoE from scratch, but this time do it a better way. Instead of a single individual "owning" the Solution, ideally it would be a Security Group or more likely a Service Principal. Likewise with the Flow Connections.

This has been a point of contention in the past. How do you create a new PowerApp under a Security Group or Service Principal's context? You have to license the SP, set it up with MFA, etc. (our folks don't like to do that). How do you securely make Flow Connections using a Service Principal (especially when MFA is involved!)?

So, how would you approach such obstacles? How have others done it?

cchannon
Super User

Sorry for the long delay there - was on vacation the last week!

OK, so there are a few answers here, none of which you're going to love, but the sum total of them will get you where you want to be.

First, when the solution is imported, some defaults need to be set. Specifically, the person doing the solution import is set as the owner of any "record" customizations being created because someone needs to be the owner. This is why the person doing your imports defaults as the owner. There is no way of overriding this default behavior; you can only go back in after the fact and update ownership to change it to something/someone else.

Now, we need to cover some basics from the model-driven app world, which still intersect all these solution components even though you're only surfacing Canvas Apps. In that side of the house, records can be owned by Users or by Teams, and when owned by a Team, it is as though all users who are members of the team had ownership privs (technically there are other kinds of ownership too, but they don't matter for this conversation). PowerAutomate Flows work this way too, so when you look at the Details on a flow and see the Owners, you can Edit this value and assign other owners of the type User or Team.

But wait - you can't find any teams in that list! What gives? Only one team is created for an environment by default; it is the default team for the root business unit, and you can find it by searching on the name of the environment. By default, it will include all users added to this environment. But you want something different: you want your admins to have access and no one else. To do this, you'll need to create a new team. Go to admin.powerplatform.microsoft.com, pick your environment, and go to Settings-->Users + Permissions--> Teams to add a new team (we'll call it "Admins").

[screenshot: cchannon_0-1620307321510.png]

Once you create the team, add all the users you want to have ownership for the Flows as Members of the team. With the team created, go back to your flow, find Owners, Edit, and add the team as an owner. Easy Peasy.

But wait--this is a pain! Do I really need to do this for every powerautomate flow I ever make? Thankfully, no. When users leave the system, they might leave tons of pointers in the background; records of all kinds that they own from Business Process Flows to PowerAutomate Flows to actual system records. If that user was an admin, this could be really complex! Luckily, this is a long-solved problem. Way way way back MSFT solved this dilemma by adding a Reassign Records button to the User form. From admin.powerplatform... go to Security--> Users + Permissions--> Users and click Manage Users in Dynamics 365 to open the classic view.

[screenshot: cchannon_1-1620307674730.png]

Open the record of the user who has left your org and you will find a ribbon button for Reassign Records. IF YOU HAVE SYSADMIN PRIVS, this will bulk reassign everything everywhere owned by this user to whomever you choose. This is your magic one-stop shop for disappearing teammates to make sure no records get orphaned.

[screenshot: cchannon_2-1620307945914.png]

So by now you're wondering why all this nonsense with Teams and Ownership instead of just granting privs to an app registration. The reason is that Dataverse automatically - and for every record ever retrieved - evaluates the privs of its core security model when determining who can read/write/delete/etc any resource. Sending the flow (or any other record) off to be owned by an app registration is possible, but it wouldn't solve your problem because all the Users you want to manage it still wouldn't be able to see it. For now, you need to play within the confines of the core security model to ensure their visibility, which I think is best done through team membership and ownership.
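An added example, not code from this thread or from Microsoft, that does in script form what cchannon describes: it lists the cloud flows (rows of Dataverse's `workflow` table) still owned by a departed user and rebinds their `ownerid` to a team, authenticating as a service principal the way EricRegnier recommends for connections. It assumes the Dataverse Web API and the Azure AD client-credentials token endpoint; the org URL, tenant, client, user and team GUIDs are placeholders and the sample listing is constructed.

```python
"""Find cloud flows a departed user still owns and rebind them to a Dataverse team.
Cloud flows are rows of the `workflow` table (category 5) and `ownerid` may point at a
systemuser or a team; only spn_token and dataverse_request touch the network."""
import json
import urllib.parse
import urllib.request

API = "/api/data/v9.2"

def spn_token(tenant_id, client_id, client_secret, org_url):
    """Client-credentials token for the app registration (all ids are placeholders).
    The app must also be added as an application user of the environment first."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": f"{org_url}/.default"}).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=form)) as resp:
        return json.loads(resp.read())["access_token"]

def flows_owned_by_path(user_id):
    """OData query for the cloud flows whose owner is the systemuser `user_id`."""
    qs = urllib.parse.urlencode({"$select": "workflowid,name",
                                 "$filter": f"category eq 5 and _ownerid_value eq {user_id}"})
    return f"{API}/workflows?{qs}"

def reassign_body(team_id):
    """PATCH payload that rebinds a row's owner to a team instead of a user."""
    return {"ownerid@odata.bind": f"/teams({team_id})"}

def plan_reassignment(listing, team_id):
    """Pure function: one PATCH per flow in a `GET .../workflows` response."""
    return [{"method": "PATCH", "path": f"{API}/workflows({row['workflowid']})",
             "body": reassign_body(team_id), "name": row["name"]}
            for row in listing.get("value", [])]

def dataverse_request(org_url, token, method, path, body=None):
    """Send one authenticated Web API call; If-Match: * keeps PATCH from upserting."""
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json",
               "Content-Type": "application/json", "OData-Version": "4.0"}
    if method == "PATCH":
        headers["If-Match"] = "*"
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(org_url + path, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read() or b"{}")

# Constructed sample listing shaped like a real Web API response; ids are placeholders.
SAMPLE_LISTING = {"value": [
    {"workflowid": "aaaaaaaa-0000-0000-0000-000000000001", "name": "CoE Sync Flow"},
    {"workflowid": "aaaaaaaa-0000-0000-0000-000000000002", "name": "CoE Inventory"}]}
ADMINS_TEAM_ID = "bbbbbbbb-0000-0000-0000-000000000001"

if __name__ == "__main__":  # offline dry run: print the plan instead of sending it
    for step in plan_reassignment(SAMPLE_LISTING, ADMINS_TEAM_ID):
        print(step["method"], step["path"], json.dumps(step["body"]), "<-", step["name"])
```

To apply the plan for real, fetch the listing with `dataverse_request(ORG_URL, token, "GET", flows_owned_by_path(user_id))` and send each step with the same helper; the application user needs the Dataverse privileges to assign the rows.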

 

ericonline
Community Champion

Thank you for the details, this is helpful. 
