Managing Flow Owners and Permissions using PowerShell


Managing Power Automate flow owners and permissions using PowerShell ensures that workflows are securely managed across environments. Administrators can list, add, and remove owners, as well as modify permissions efficiently.


Step 1: Install Required PowerShell Modules

Ensure the necessary Power Automate PowerShell modules are installed:

Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Force -AllowClobber
Install-Module -Name Microsoft.PowerApps.PowerShell -Force -AllowClobber

If prompted, press Y to confirm installation.


Step 2: Authenticate to Power Platform

Log in with an admin account to manage flow ownership and permissions:

Add-PowerAppsAccount

Alternatively, authenticate using Microsoft Graph for deeper access:

Connect-MgGraph -Scopes "User.Read.All", "Application.Read.All"

Step 3: List Flow Owners in an Environment

Before modifying ownership, list all current owners of a specific flow:

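$EnvironmentName = "<EnvironmentID>"  # Replace with your environment ID
$FlowName = "<FlowName>"              # Replace with the flow's ID (the FlowName value from Get-AdminFlow), not its display name

# List every role assignment on the flow
Get-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $FlowName |
    Select-Object PrincipalObjectId, PrincipalType, RoleType | Format-Table -AutoSize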

This command provides:
User ID of the owner
Role (Owner/Contributor)


Step 4: Add a New Owner to a Flow

To add a new owner or co-owner to a Power Automate flow:

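$EnvironmentName = "<EnvironmentID>"  # Replace with your environment ID
$FlowName = "<FlowName>"              # Replace with the flow's ID (the FlowName value from Get-AdminFlow), not its display name
$UserEmail = "<UserEmail>"            # Replace with the email of the new owner

# -PrincipalObjectId expects the directory object ID, so resolve it from the email (assumes the email is the UPN;
# Get-MgUser needs the Microsoft.Graph.Users module and the Connect-MgGraph session from Step 2)
$UserObjectId = (Get-MgUser -UserId $UserEmail).Id

# -RoleName accepts CanView or CanEdit; CanEdit is the value that grants co-owner rights
Set-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $FlowName -PrincipalType User -PrincipalObjectId $UserObjectId -RoleName CanEdit

Write-Host "User '$UserEmail' has been added as an owner of flow '$FlowName'."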

The new owner will now have full control over the flow.


Step 5: Remove an Owner from a Flow

To remove an existing owner from a flow:

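$EnvironmentName = "<EnvironmentID>"
$FlowName = "<FlowName>"
$UserEmail = "<UserEmail>" # Replace with the email of the owner to be removed

# Remove-AdminFlowOwnerRole identifies the assignment by its RoleId, so look it up by the user's object ID
$UserObjectId = (Get-MgUser -UserId $UserEmail).Id
$role = Get-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $FlowName |
    Where-Object { $_.PrincipalObjectId -eq $UserObjectId }

Remove-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $FlowName -RoleId $role.RoleId

Write-Host "User '$UserEmail' has been removed as an owner of flow '$FlowName'."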

This ensures only authorized users manage automation workflows.


Step 6: Assign a Contributor (Without Full Owner Rights)

If you want to assign a contributor instead of a full owner:

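$EnvironmentName = "<EnvironmentID>"
$FlowName = "<FlowName>"
$UserEmail = "<UserEmail>"

# Resolve the email (assumed to be the UPN) to the directory object ID that -PrincipalObjectId expects
$UserObjectId = (Get-MgUser -UserId $UserEmail).Id

Set-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $FlowName -PrincipalType User -PrincipalObjectId $UserObjectId -RoleName CanEdit

Write-Host "User '$UserEmail' has been assigned as a contributor to flow '$FlowName'."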

Contributors can edit the flow but cannot delete it or manage ownership.


Step 7: List All Flows with Their Owners

To get a list of all flows and their owners in an environment:

$EnvironmentName = "<EnvironmentID>"
$outputPath = "C:\PowerAutomate\FlowOwners.csv"

$flows = Get-AdminFlow -EnvironmentName $EnvironmentName

# One row per role assignment, labelled with the flow's display name
$flowOwners = foreach ($flow in $flows) {
    Get-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $flow.FlowName |
        Select-Object @{Name="FlowName"; Expression={$flow.DisplayName}}, PrincipalObjectId, PrincipalType, RoleType
}

$flowOwners | Export-Csv -Path $outputPath -NoTypeInformation

Write-Host "Flow ownership details exported to: $outputPath"

This exports:
Flow Name
Owner Emails
Role (Owner/Contributor)


Step 8: Bulk Add Owners to Multiple Flows

To assign a new owner to all flows in an environment:

$EnvironmentName = "<EnvironmentID>"
$UserEmail = "<UserEmail>"
$UserObjectId = (Get-MgUser -UserId $UserEmail).Id  # directory object ID expected by -PrincipalObjectId

Get-AdminFlow -EnvironmentName $EnvironmentName |
    ForEach-Object { Set-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $_.FlowName -PrincipalType User -PrincipalObjectId $UserObjectId -RoleName CanEdit }

Write-Host "User '$UserEmail' has been added as an owner to all flows in the environment."

Useful for migrating ownership when an admin leaves the organization.


Step 9: Remove Unauthorized Owners from All Flows

To remove a specific owner from all flows in an environment:

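$EnvironmentName = "<EnvironmentID>"
$UserEmail = "<UserEmail>"
$UserObjectId = (Get-MgUser -UserId $UserEmail).Id  # directory object ID used to match role assignments

# For each flow, find this user's role assignment(s) and remove each one by its RoleId
foreach ($flow in (Get-AdminFlow -EnvironmentName $EnvironmentName)) {
    Get-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $flow.FlowName |
        Where-Object { $_.PrincipalObjectId -eq $UserObjectId } |
        ForEach-Object { Remove-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $flow.FlowName -RoleId $_.RoleId }
}

Write-Host "User '$UserEmail' has been removed as an owner from all flows."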

Helps in revoking access for former employees or unauthorized users.
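
Before a bulk removal like the one above, it helps to know which flows would be left with nobody able to manage them. The following is an added example, not code from the original page: the function name Get-FlowRemovalPlan, the sample rows and all IDs are constructed, and it assumes each row carries FlowName, PrincipalObjectId and RoleType with the role values Owner, CanEdit and CanView.

```powershell
# Added example: dry-run plan for a Step 9 style bulk removal. All IDs and rows are constructed.
# Assumption: each row has FlowName, PrincipalObjectId and RoleType (Owner, CanEdit or CanView).
function Get-FlowRemovalPlan {
    param(
        [Parameter(Mandatory)] [object[]] $OwnerRows,
        [Parameter(Mandatory)] [string]   $PrincipalObjectId   # principal being offboarded
    )
    $OwnerRows | Group-Object -Property FlowName | ForEach-Object {
        $rows = @($_.Group)
        $hit  = @($rows | Where-Object { $_.PrincipalObjectId -eq $PrincipalObjectId })
        if ($hit.Count -eq 0) { return }   # no role on this flow, nothing to remove

        # Principals that can still manage the flow once the removal is done
        $remaining = @($rows | Where-Object {
            $_.PrincipalObjectId -ne $PrincipalObjectId -and $_.RoleType -in 'Owner', 'CanEdit'
        })
        [pscustomobject]@{
            FlowName        = $_.Name
            RoleRemoved     = ($hit.RoleType -join ',')
            RemainingOwners = $remaining.Count
            Action          = if ($remaining.Count -gt 0) { 'Remove' } else { 'ReassignFirst' }
        }
    }
}

# Constructed sample input
$leaver = '00000000-0000-0000-0000-0000000000a1'
$other  = '00000000-0000-0000-0000-0000000000b2'
$rows = @(
    [pscustomobject]@{ FlowName = 'Invoice approval'; PrincipalObjectId = $leaver; RoleType = 'Owner' }
    [pscustomobject]@{ FlowName = 'Invoice approval'; PrincipalObjectId = $other;  RoleType = 'CanEdit' }
    [pscustomobject]@{ FlowName = 'HR onboarding';    PrincipalObjectId = $leaver; RoleType = 'Owner' }
    [pscustomobject]@{ FlowName = 'HR onboarding';    PrincipalObjectId = $other;  RoleType = 'CanView' }
    [pscustomobject]@{ FlowName = 'Ticket sync';      PrincipalObjectId = $other;  RoleType = 'Owner' }
)

Get-FlowRemovalPlan -OwnerRows $rows -PrincipalObjectId $leaver | Format-Table -AutoSize
```

Flows marked ReassignFirst need another owner added (Step 8) before the removal runs.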


Step 10: Disconnect PowerShell Session

Once done, disconnect the PowerShell session:

Disconnect-MgGraph
Remove-PowerAppsAccount
