Unanswered

Insufficient environment permissions

Hi,
 
Can someone please explain to me why the PG working on Copilot Studio is not capable of introducing/using new Security Roles for Copilot Studio?
 
Was already aware that we have to give users the "environment maker" role to allow them to create agents in a Dataverse environment. This is already strange as we can't prevent them from creating flows/apps. You guys can't imagine a scenario where IT only wants to give a user the permission to create an agent?
 
Now I'm learning that users that only need to use an agent also need the "environment maker" role. This means that we can't make an agent available to users in a Dataverse environment without giving them the option to create agents/flows/apps.
 
 
Please tell me I'm wrong or explain why Microsoft thinks it's OK to not allow IT to lock things down. To me this is an indication that a higher up made a decision to do whatever it takes to get usage of Copilot Studio to go up. How do you guys not realize that this could also be a reason why some companies simply refuse to adopt Copilot Studio? You're now forcing IT to continuously monitor an environment and delete agents created by users that are only supposed to use an agent. When a company decides to block certain "channels" for Copilot Studio and wants to facilitate an exception by using a separate Dataverse environment with a custom DLP policy, the setup Microsoft has created allows all users of agents to create agents and publish to the same channel.
 
We have done some testing and can confirm that "environment maker" is needed for users of agents. This is now why I'm going to push against using Copilot Studio when I'm advising my customers. They can use Copilot Studio, but only in the default environment and with the tenant DLP policy enforced. No exceptions... No more "allocating paid messages to facilitate an important agent" as you can't rule out that some random user creates an agent and starts consuming the same paid messages.