Managing Power Platform User Roles using PowerShell


Managing user roles in Power Platform using PowerShell allows administrators to efficiently assign, modify, and remove permissions across environments. This ensures users have appropriate access to apps, flows, and Dataverse data.


Step 1: Install Required PowerShell Modules

Ensure that you have installed the necessary PowerShell modules:

Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Force -AllowClobber
Install-Module -Name Microsoft.PowerApps.PowerShell -Force -AllowClobber

If prompted, press Y to confirm the installation.


Step 2: Authenticate to Power Platform

Connect to Power Platform with an Admin account:

Add-PowerAppsAccount

A Microsoft sign-in window will appear. Log in using your Global Admin or Power Platform Admin credentials.

For automation without manual sign-in, use service principal authentication:

$clientId = "your-client-id"
$clientSecret = "your-client-secret" # Placeholder; in automation, read the secret from a secret store instead of hard-coding it
$tenantId = "your-tenant-id"

# Sign in as the app registration (service principal) using its client secret
Add-PowerAppsAccount -Endpoint prod -TenantID $tenantId -ApplicationId $clientId -ClientSecret $clientSecret

Step 3: Retrieve Power Platform Environments

List all environments and their EnvironmentName:

Get-AdminPowerAppEnvironment | Select-Object DisplayName, EnvironmentName, Location, EnvironmentSku

Identify the EnvironmentName where you want to manage user roles.


Step 4: List Users and Their Roles

To view the current user roles in a specific environment, use:

$environmentId = "your-environment-id"

Get-AdminPowerAppEnvironmentRoleAssignment -EnvironmentName $environmentId |
Select-Object PrincipalEmail, RoleName

This displays the email addresses of users and their assigned roles.


Step 5: Assign a Role to a User

To assign a new role to a user in an environment:

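$environmentId = "your-environment-id"
$userEmail = "user@domain.com"
$userObjectId = "your-user-object-id" # Placeholder: Microsoft Entra object ID of the user above
$roleName = "EnvironmentMaker" # Environment Maker; the cmdlet also accepts "EnvironmentAdmin"

# The cmdlet identifies the principal by type and object ID rather than by email address
Set-AdminPowerAppEnvironmentRoleAssignment -EnvironmentName $environmentId -PrincipalType User -PrincipalObjectId $userObjectId -RoleName $roleName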

Common Role Names:

  • System Administrator – Full control over the environment
  • Environment Maker – Can create apps and flows
  • Basic User – Limited permissions to access apps

Step 6: Remove a Role from a User

To remove a role from a user:

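Get-AdminPowerAppEnvironmentRoleAssignment -EnvironmentName $environmentId | Where-Object { $_.PrincipalEmail -eq $userEmail } |
ForEach-Object { Remove-AdminPowerAppEnvironmentRoleAssignment -EnvironmentName $environmentId -RoleId $_.RoleId } # removal is by RoleId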

This removes all roles assigned to the user.


Step 7: Export User Roles to a CSV File (Optional)

To document user roles for audit or governance:

$exportPath = "C:\PowerPlatform\UserRoles.csv"

Get-AdminPowerAppEnvironmentRoleAssignment -EnvironmentName $environmentId |
Select-Object PrincipalEmail, RoleName |
Export-Csv -Path $exportPath -NoTypeInformation

Navigate to C:\PowerPlatform to verify the exported data in Excel.
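
One way to use the Step 7 export for access reviews, as an added example that is not part of the original article: it compares a baseline export with a current one and reports role assignments that were added or removed in between. The function name Compare-RoleExport, the sample rows and the choice of System Administrator as the privileged role are assumptions for illustration.

```powershell
# Added example: diff two role exports in the Step 7 CSV format (PrincipalEmail, RoleName).
function Compare-RoleExport {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Baseline,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Current,
        [string[]] $PrivilegedRole = @('System Administrator')  # assumption: roles to flag for review
    )
    # Index assignments by "email|role", lower-cased so case differences are not reported as drift
    function ConvertTo-Index([object[]] $Rows) {
        $index = @{}
        foreach ($row in $Rows) {
            $index[('{0}|{1}' -f $row.PrincipalEmail, $row.RoleName).ToLowerInvariant()] = $row
        }
        return $index
    }
    $old = ConvertTo-Index $Baseline
    $new = ConvertTo-Index $Current

    # Emit one record per assignment that exists on only one side of the comparison
    foreach ($side in @{ Change = 'Added'; Source = $new; Other = $old }, @{ Change = 'Removed'; Source = $old; Other = $new }) {
        foreach ($key in $side.Source.Keys) {
            if (-not $side.Other.ContainsKey($key)) {
                $row = $side.Source[$key]
                [pscustomobject]@{
                    Change         = $side.Change
                    PrincipalEmail = $row.PrincipalEmail
                    RoleName       = $row.RoleName
                    Privileged     = $PrivilegedRole -contains $row.RoleName
                }
            }
        }
    }
}

# Constructed sample exports; with real data, use Import-Csv on two files written by Step 7
$baseline = @'
"PrincipalEmail","RoleName"
"alice@example.com","System Administrator"
"bob@example.com","Environment Maker"
'@ | ConvertFrom-Csv
$current = @'
"PrincipalEmail","RoleName"
"alice@example.com","System Administrator"
"bob@example.com","System Administrator"
"carol@example.com","Environment Maker"
'@ | ConvertFrom-Csv

Compare-RoleExport -Baseline $baseline -Current $current |
    Sort-Object Change, PrincipalEmail | Format-Table -AutoSize
```

Rows marked Added with Privileged set to True are the ones to check against an approved change request first.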


Step 8: Disconnect from Power Platform

Once done, disconnect the session:

Disconnect-PowerAppsAccount
