web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Deploying a Microsoft ...
Power Apps
Suggested Answer

Deploying a Microsoft Power Apps solution with dataflows while maintaining environment segregation

(3) ShareShare
ReportReport
Posted on by 86
Hi all!
 

I've solution in Microsoft Power Apps that contains dataflows reading data from Microsoft Dataverse.
The porting process between DEV, TEST, and PROD environments cannot be performed through the standard solution import/export, because the solution includes dataflows.
 

As a result, the only viable option seems to be using Power Platform Pipelines.

However, using pipelines requires that the technical NOPROD account used to create the pipeline also has access rights to PROD, so that the environment can be selected as the deployment target.

I was advised to create a fourth “host” environment, used only to run the pipeline, where an additional technical account would be enabled in order to maintain segregation between PROD and NOPROD.

The issue is that this technical account from the host environment would still need to be enabled in the other environments to manage the pipelines.

Therefore, even in this scenario, the segregation between environments and technical accounts would not be fully respected.

What solution would you recommend in this situation?
Thanks


 
I have the same question (0)
  • Suggested answer
    DP_Prabh Profile Picture
    381 on at

    To maintain proper segregation between PROD and NOPROD, a common pattern is:

    1. Create a dedicated service account or service principal specifically for pipeline execution.
    2. Grant this account minimum required permissions in each environment (for example Environment Maker or deployment permissions rather than full admin access).
    3. Use a separate host environment only for managing the pipeline configuration.
    4. Ensure PROD access is limited strictly to deployment operations, not development activities.

    For pipeline deployment may refer this article: [Step by Step] Configure and run ‘Pipelines in Power Platform’ – Rajeev Pentyala – Technical Blog on Power Platform, Azure and AI

    I hope this works for you!
  • Suggested answer
    11manish Profile Picture
    3,333 on at
    Solutions in Microsoft Power Apps that include Power Apps Dataflows cannot be fully deployed using standard solution import/export because dataflows store connections and credentials outside the solution. Many teams consider Power Platform Pipelines, but pipelines require the pipeline owner account to have access to all environments, including production, which can violate strict environment segregation policies.

    Creating a separate “host” environment for pipelines does not completely solve the problem because the technical account still needs permissions across DEV, TEST, and PROD environments.

    The recommended enterprise approach is to use CI/CD tools such as Azure DevOps or GitHub Actions together with a service principal from Microsoft Entra ID. This allows automated deployments between environments without giving human or shared technical accounts direct access to production, ensuring better security, governance, and auditability.
  • FR-27081326-0 Profile Picture
    86 on at
    Hi @11manish !

    What permissions should this Service Principal have across the different environments?

    Thanks
  • 11manish Profile Picture
    3,333 on at
    There could be no obvious answer to this question.
     
    The permissions for a Service Principal in the Power Platform depend on what it needs to do, but for most enterprise scenarios (integration, automation, deployment), you should follow a least-privilege + environment-specific approach in Microsoft Dataverse and Microsoft Power Platform.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Valantis Profile Picture

Valantis 424

#2
WarrenBelz Profile Picture

WarrenBelz 355 Most Valuable Professional

#3
11manish Profile Picture

11manish 290

Last 30 days Overall leaderboard