Setting Power Apps Permissions using PowerShell


PowerShell allows administrators to assign, modify, and manage Power Apps permissions efficiently. This ensures proper access control across users and security groups.


Step 1: Install Required PowerShell Modules

Ensure you have the necessary PowerShell modules installed:

Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Force -AllowClobber
Install-Module -Name Microsoft.PowerApps.PowerShell -Force -AllowClobber

If prompted, press Y to confirm installation.


Step 2: Authenticate to Power Platform

Log in using your Microsoft Power Platform Admin Account:

Add-PowerAppsAccount

For service principal authentication:

$clientId = "your-client-id"
$clientSecret = "your-client-secret" # Load from a secret store or environment variable; do not keep it in the script
$tenantId = "your-tenant-id"

# Add-PowerAppsAccount signs in a service principal from its application ID and client secret
Add-PowerAppsAccount -Endpoint prod -TenantID $tenantId -ApplicationId $clientId -ClientSecret $clientSecret

Step 3: Retrieve Available Power Apps

List all Power Apps in an environment:

$environmentId = "your-environment-id"

Get-AdminPowerApp -EnvironmentName $environmentId | Select-Object DisplayName, AppName, CreatedTime, LastModifiedTime

Identify the AppName of the app for which you want to set permissions.


Step 4: Assign Permissions to a User

To assign Owner, CanEdit, or CanView permissions to a user, use the following:

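$appId = "your-app-id"
$userObjectId = "user-object-id" # Object ID (GUID) of the user in Azure AD, not the email address
$role = "CanView" # Options: Owner, CanEdit, CanView

# -EnvironmentName takes the environment ID from Step 3; the role parameter is -RoleName
Set-AdminPowerAppRoleAssignment -AppName $appId -EnvironmentName $environmentId -PrincipalType User -PrincipalObjectId $userObjectId -RoleName $role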

This grants the specified permission to the user.


Step 5: Assign Permissions to a Security Group

You can also assign permissions to an Azure AD security group:

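$appId = "your-app-id"
$groupId = "your-security-group-id"
$role = "CanEdit" # Options: Owner, CanEdit, CanView

# -EnvironmentName takes the environment ID from Step 3; the role parameter is -RoleName
Set-AdminPowerAppRoleAssignment -AppName $appId -EnvironmentName $environmentId -PrincipalType Group -PrincipalObjectId $groupId -RoleName $role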

This ensures multiple users in the group have the specified access.


Step 6: Remove Permissions from a User or Group

To remove a user’s access to a Power App:

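$appId = "your-app-id"
$userEmail = "user@domain.com"

# Remove-AdminPowerAppRoleAssignment identifies the assignment by RoleId, so look it up first
Get-AdminPowerAppRoleAssignment -AppName $appId -EnvironmentName $environmentId |
    Where-Object { $_.PrincipalType -eq "User" -and $_.PrincipalEmail -eq $userEmail } |
    ForEach-Object { Remove-AdminPowerAppRoleAssignment -RoleId $_.RoleId -AppName $appId -EnvironmentName $environmentId }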

To remove a security group’s access:

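$appId = "your-app-id"
$groupId = "your-security-group-id"

# Look up the group's role assignment, then remove it by RoleId
Get-AdminPowerAppRoleAssignment -AppName $appId -EnvironmentName $environmentId |
    Where-Object { $_.PrincipalType -eq "Group" -and $_.PrincipalObjectId -eq $groupId } |
    ForEach-Object { Remove-AdminPowerAppRoleAssignment -RoleId $_.RoleId -AppName $appId -EnvironmentName $environmentId }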

Step 7: List Existing Permissions for a Power App

To view all users and groups assigned to a Power App:

$appId = "your-app-id"

# RoleType holds the permission level of each assignment
Get-AdminPowerAppRoleAssignment -AppName $appId -EnvironmentName $environmentId | Select-Object PrincipalType, PrincipalObjectId, RoleType

This helps verify assigned roles.


Step 8: Export Power Apps Permissions to a CSV (Optional)

To document permissions for auditing purposes:

$exportPath = "C:\PowerPlatform\PowerAppsPermissions.csv"

Get-AdminPowerAppRoleAssignment -AppName $appId -EnvironmentName $environmentId | Select-Object PrincipalType, PrincipalObjectId, RoleType |
    Export-Csv -Path $exportPath -NoTypeInformation

This will save the permissions list to C:\PowerPlatform\PowerAppsPermissions.csv.
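
An exported list is most useful for auditing when it is compared against an approved baseline. The following is an added example, not part of the original article: the function name Compare-AppPermissionBaseline and both CSV samples are constructed for illustration, and the columns are assumed to be PrincipalType, PrincipalObjectId and RoleType. It flags tenant-wide sharing, principals missing from the baseline, and changed roles.

```powershell
# Constructed sample data, shaped like the CSV export above (not real tenant output).
$currentCsv = @'
"PrincipalType","PrincipalObjectId","RoleType"
"User","11111111-1111-1111-1111-111111111111","CanView"
"Group","22222222-2222-2222-2222-222222222222","CanEdit"
"Tenant","33333333-3333-3333-3333-333333333333","CanView"
"User","44444444-4444-4444-4444-444444444444","CanEdit"
'@

# Approved baseline, e.g. the reviewed export from the previous audit (constructed).
$baselineCsv = @'
"PrincipalType","PrincipalObjectId","RoleType"
"User","11111111-1111-1111-1111-111111111111","CanView"
"Group","22222222-2222-2222-2222-222222222222","CanView"
'@

function Compare-AppPermissionBaseline {
    param(
        [Parameter(Mandatory)] [object[]] $Current,
        [Parameter(Mandatory)] [object[]] $Baseline
    )
    # Index the baseline by principal so each current row needs one lookup.
    $approved = @{}
    foreach ($row in $Baseline) {
        $approved["$($row.PrincipalType)|$($row.PrincipalObjectId)"] = $row.RoleType
    }
    foreach ($row in $Current) {
        $key = "$($row.PrincipalType)|$($row.PrincipalObjectId)"
        $finding = if ($row.PrincipalType -eq 'Tenant') {
            'Shared with the entire tenant'
        } elseif (-not $approved.ContainsKey($key)) {
            'Principal not in approved baseline'
        } elseif ($approved[$key] -ne $row.RoleType) {
            "Role changed from $($approved[$key]) to $($row.RoleType)"
        } else { $null }
        if ($finding) {
            [pscustomobject]@{
                PrincipalType     = $row.PrincipalType
                PrincipalObjectId = $row.PrincipalObjectId
                RoleType          = $row.RoleType
                Finding           = $finding
            }
        }
    }
}

Compare-AppPermissionBaseline -Current ($currentCsv | ConvertFrom-Csv) -Baseline ($baselineCsv | ConvertFrom-Csv) |
    Format-Table -AutoSize
```

To audit a real app, replace the two here-strings with Import-Csv calls on the current export and the previously reviewed one.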


Step 9: Disconnect from Power Platform

Once done, disconnect the session:

Remove-PowerAppsAccount
