cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
laurentissot
New Member

Power Platform Build Tools (1.0.13) backup Environment task

Hello,

We are using Azure DevOps Power Platform Build Tools (1.0.13) extension.

We are currently trying to use the following step : "Power Platform Backup Environment" and we would like to know when the feature using the service principal name will be available?

We're using at the moment a service account and the MFA is not supported with this authentication type.

We have read this documentation : https://docs.microsoft.com/en-us/power-platform/alm/devops-build-tool-tasks#power-platform-backup-en....

Do you have a narrower timeline for the availability of this feature ?

Many thanks in advance!

23 REPLIES 23
JeffCarma
Frequent Visitor

I have set the application user as a System Administrator per the docs. Sorry it's not working for you.

https://docs.microsoft.com/en-us/power-platform/alm/devops-build-tools

 

Ensure that the added Application User has the system administrator role assigned (available from “Manage Roles” in the security settings for the application user).

Thanks for linking to the docs! While skimming over it I think I might have found the culprit. The service principal (or rather: the application user) already has the role of a system administrator. But the docs mention another requirement:

 

This application is then added as an administrator user to the Microsoft Power Platform tenant itself.

 

As far as I know this has not happened. I will get in touch with our Power Platform / Dynamics 365 Admin next week so he will add the service principal accordingly. I will report back here if that resolves the issue.

khoait
Advocate I
Advocate I

I'm having the same error. The service principal doesn't have permission to the Power Platform backup  API endpoint.

As mentioned here, it probably need the "service admin" role: Power Platform Admin.

Use service admin roles to manage your tenant - Power Platform | Microsoft Docs

I'll ask for this permission and try again.

Hello @sit-md , did you resolve the issue by adding the application user as Power Platform admin ? Because from my side I have did'nt work for me and I the pipeline backup task return the error bellow :

Message=The service principal with id 'xxxxx' for application *** does not have permission to access the path 'https://api.bap.microsoft.com/providers/Microsoft.BusinessAppPlatform/environments/xxxxxxx/backups?a...'
 
Thank you for help

Hello @sit-md 

did you resolve the issue. I have the same issue on my pipeline. I add the user application as Administrator on Power platform Tenant but the pipeline return to me the same error :

The service principal with id 'xxxxx' for application *** does not have permission to access the path 'https://api.bap.microsoft.com

 

sit-md
Regular Visitor

Hi @HediBER unfortunately adding the role of Power Platform admin did not resolve the issue. I gave up for the time being. I also requested help from a Microsoft DSE multiple times but somehow he never got back to me about that specific topic. 

JeffCarma
Frequent Visitor

The docs say to add the service principal to the "System Administrator" role in the specific dynamics environment. It's easy to do using the new interface in https://admin.powerplatform.microsoft.com/

Just open the environment and click the S2S Apps link. Then choose the Service principal and add the System admin security role.

JeffCarma_0-1642524390332.png

 

HediBER
New Member

Hi @JeffCarma , I already add the application user as a system administrator in the target CRM environement and also I add him as a Power Platform administrator in the Tenant.

HediBER
New Member

@JeffCarma  I think I need to give the application user the authorization to use the api of Power Platform Management (https://api.bap.microsoft.com) at Azure AD Level. But which one I need to choose in the list :

HediBER_0-1642526601169.png

 

sit-md
Regular Visitor

@HediBER Your input got me thinking (and searching) and I think you might be right. Unfortunately adding this permission requires a tenant admin and that person needs to send a HTTP PUT request, adding the service principal as an admin management application. The process is described here: https://docs.microsoft.com/en-us/power-platform/admin/powerplatform-api-create-service-principal

 

If you get the chance maybe you can give that a go. If it starts working after that we found the culprit. I cannot test this short-term as I am working for a big organization and a tenant admin won't do this just because I ask him to. Approval from an information security officer would be necessary which makes this a tedious task for me. I will do it though if you can confirm that it starts working afterwards.

Helpful resources

Announcements
PA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

This training provides practical hands-on experience in creating Power Apps solutions in a full-day of instructor-led App creation workshop.

Microsoft Build 768x460.png

Microsoft Build is May 24-26. Have you registered yet?

Come together to explore latest innovations in code and application development—and gain insights from experts from around the world.

May UG Leader Call Carousel 768x460.png

What difference can a User Group make for you?

At the monthly call, connect with other leaders and find out how community makes your experience even better.

Users online (1,598)