I have an agent that calls a flow, and asks for permissions to use the run as user account
It successfully creates a connection for the user
The connection then Fails
When trying link the user to the flow in connection manager it fails out with insufficent permissions
I assume this is Enviroment level permissions that are required, but im not having any luck figuring out what those permissions are. Does anyone know the base permission requirements here?
This is a managed enviroment where we put IT only created agents\apps\flows so i dont want to give more rights then they need to just execute the flow as themselvs and be able to connect to outlook\sharepoint as their user account.
For the "Insufficient Permissions" error for run-only users in a managed environment, apply these three core requirements:
1. Environment Level
Users need the Environment User security role. This provides the base permission to access the environment.
Note: If you use a custom role instead, ensure it has Read access to the Process, Connection Reference, and Environment Variable tables.
2. Flow Level
On the Flow's details page, click Edit in the Run-only users tile:
Add the specific users or security groups.
Set the connections (SharePoint, Outlook, etc.) to "Provided by run-only user". This forces the flow to use their credentials rather than the creator's.
3. Data Access Level
The user must have independent access to the data the flow touches:
SharePoint/Outlook: Proper O365 licensing and site/folder permissions.
Dataverse: A security role with Read, Append, and AppendTo permissions for any tables the flow interacts with.
Was this reply helpful?YesNo
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
2
Share
Report
All responses (
Answers (
