Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities - Lets Get Started!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps - Power Apps Governance and Administ... / Working in customer en...
Power Apps - Power Apps Governance and Administ...
Answered

Working in customer environments in their tenant

(1) ShareShare
ReportReport
Posted on by tfraser 177
I originally posted this in another forum and got no response so trying this again here.
 
I'm on the verge of starting to work with customers. This will involve me setting up new environments, importing solutions, setting up connections and other configurations, producing reports etc. So I'll need to be able to administer the environment, create, edit and delete objects, and full access to the data in the tables.
 
Various individuals in my organisation will need to be able to access each customer environment.
 
I've tested how to do this as a Microsoft Partner using Granulated Delegated Access Permissions (GDAPs) however the only relevant permission seems to he 'Power Platform Administrator'. This only seems to enable a user to administer environments at the top level, but not to do anything within the environment like importing solutions, accessing data etc. Is this correct?
 
Is there a GDAP that allows proper developer access to an environment that I've missed?
 
The only workable solution I can think of is to create a user account in each customer tenant and give that account full access to the environments. Is there any better method than this?
 
Thanks.
Categories:
Management
Environment
  • Verified answer
    tfraser Profile Picture
    tfraser 177 on at
    Working in customer environments in their tenant
    This is the disappointing response I've got from Microsoft support after over 6 weeks of back and forth:
     

    Hope this mail finds you well.

    We have checked with our team and unfortunately GDAP user does not have access to access apps or dataflows, it mostly supported for admin workloads in power platform admin center.

     

    Thanks for your support and cooperation

  • tfraser Profile Picture
    tfraser 177 on at
    Working in customer environments in their tenant
    I have opened a support request with Microsoft on this. I raised this with Partner support and they've now passed it to PowerApps support. They are speaking to each other now and hopefully I'll get an answer.
     
    Unfortunately I suspect full access to the new experience is not yet supported but hopefully I'm incorrect!
  • tfraser Profile Picture
    tfraser 177 on at
    Working in customer environments in their tenant
    I've tried this again and got a bit further than I did last time but still not to the point I'm aiming for.
     
    The 2 limitations that remain are:
    1. Is there a limitation that you can't use the New Experience through a Partner Account using GDAP? Do you have to stick with the old environment customisation system?
    2. Certain components can't be modified using the old experience e.g. Dataflows are very important for me - how would you get to those and modify them?
    3. I can't open any apps - how do you get around that?
     
    I'll explain the steps I'm taking and what works and what doesn't with screenshots for clarity.
     
     
    When working in my home tenant I normally go straight to the 'new experience' at 'make.powerapps.com' and get redirected to whichever environment I last visited. This is the area I can't reach in the customer tenant - it just shows me my home tenant environments.
     
     

    I'm starting in the Platform centre, going to the customer and clicking 'Power Platform'
     
    This opens the Admin centre in the customer tenant, which is a good start.
     
    I can open the list of Environments (for now there is only the Default environments in this tenant)
     
    I can then 'Open' the customer's Default Environment

    This opens a page I'm not very familiar with, probably because I have always interacted with this system from the 'Power Platform' side, not the 'Dynamics' side. I note the 'user' now indicates I'm logged in as 'Delegated Admin'.
    If I try to open the Dataverse Accelerator App I get a 'UserNotLoggedIn' error
     
    If I try to manually create the make.powerapps.com url to the Environment using the Environment ID I get the following error where the 'tenant' ID that it quotes is my HOME tenant ID instead of the CUSTOMER tenant ID (I'll refer to this as the 'Sorry, there's been a disconnect screen':
     
    I can go to 'Advanced Settings'
     
     
    The Advanced Settings appear to work but if I try clicking 'Try the New experience' I get the 'Sorry, there's been a disconnect screen'
     
    If I try going to 'Apps' and 'Create' I get the 'Sorry, there's been a disconnect screen'
     
    I CAN 'customise the system' by adding a new table.
  • tfraser Profile Picture
    tfraser 177 on at
    Working in customer environments in their tenant
    Thanks for the response @ Anchov and sorry for the delay in following up - I had an issue with my community account.
     
    Just to be clear - you don't add a user in the customer tenant for yourself and grant that user access, then log in with that user you created?
     
    You login using your user on own tenant account and access the environment using that account and the GDAP Power Platform Administrator role?
     
    When I tried this I wasn't able to access environments in the customer tenant, I could only access the Admin centre. I thought maybe I needed to give myself extra permissions in that tenant but wasn't able to without a user account for myself in the customer tenant.
     
    Is there anything I might be missing?
     
    I'll try this again maybe on a private browser in case there was some weird conflict going on between environments in my company tenant and the customer tenant environments
     
    Thanks for the tip on Azure PIM - I'll definitely look into that as well!
  • Suggested answer
    Anchov Profile Picture
    Anchov 1,984 on at
    Working in customer environments in their tenant

    The Power Platform Administrator role should give you full access to any environment, just as if you were granted the System Administrator role for each environment. This includes the ability to create, edit, and delete objects, as well as import and export solutions. Additionally, it gives you access to administer policies and Global Power Platform settings. It is a very powerful role.

    I recommend my clients use Azure PIM (Privileged Identity Management), if available, to ensure that access is logged, approved if necessary, and activated only when needed.  This helps mitigate the risks of standing access.

    https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure

     

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities - Lets Get Started!

Quick Links

🌸 Community Spring Festival 2025 Challenge Winners! 🌸

Congratulations to all our community participants!

Warren Belz – Community Spotlight

We are honored to recognize Warren Belz as our May 2025 Community…

Congratulations to the April Top 10 Community Stars!

Thanks for all your good work in the Community!

Leaderboard > Power Apps - Power Apps Governance and Administering

#1
Michael E. Gernaey Profile Picture

Michael E. Gernaey 9 Super User 2025 Season 1

#2
bscarlavai33 Profile Picture

bscarlavai33 5 Super User 2025 Season 1

#3
getsplash Profile Picture

getsplash 2

Overall leaderboard

Featured topics

Product updates

Microsoft Power Platform Community release plans