Working in customer environments in their tenant

Posted on by 186
I originally posted this in another forum and got no response so trying this again here.
 
I'm on the verge of starting to work with customers. This will involve me setting up new environments, importing solutions, setting up connections and other configurations, producing reports etc. So I'll need to be able to administer the environment, create, edit and delete objects, and full access to the data in the tables.
 
Various individuals in my organisation will need to be able to access each customer environment.
 
I've tested how to do this as a Microsoft Partner using Granulated Delegated Access Permissions (GDAPs); however, the only relevant permission seems to be 'Power Platform Administrator'. This only seems to enable a user to administer environments at the top level, but not to do anything within the environment like importing solutions, accessing data etc. Is this correct?
 
Is there a GDAP that allows proper developer access to an environment that I've missed?
 
The only workable solution I can think of is to create a user account in each customer tenant and give that account full access to the environments. Is there any better method than this?
 
Thanks.
  • Suggested answer
    Anchov Profile Picture
    1,986 on at

    The Power Platform Administrator role should give you full access to any environment, just as if you were granted the System Administrator role for each environment. This includes the ability to create, edit, and delete objects, as well as import and export solutions. Additionally, it gives you access to administer policies and Global Power Platform settings. It is a very powerful role.

    I recommend my clients use Azure PIM (Privileged Identity Management), if available, to ensure that access is logged, approved if necessary, and activated only when needed.  This helps mitigate the risks of standing access.

    https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure

     

     

  • SurfaceWear Profile Picture
    186 on at
    Thanks for the response @Anchov and sorry for the delay in following up - I had an issue with my community account.
     
    Just to be clear - you don't add a user in the customer tenant for yourself and grant that user access, then log in with that user you created?
     
    You log in using your user on your own tenant account and access the environment using that account and the GDAP Power Platform Administrator role?
     
    When I tried this I wasn't able to access environments in the customer tenant, I could only access the Admin centre. I thought maybe I needed to give myself extra permissions in that tenant but wasn't able to without a user account for myself in the customer tenant.
     
    Is there anything I might be missing?
     
    I'll try this again maybe on a private browser in case there was some weird conflict going on between environments in my company tenant and the customer tenant environments
     
    Thanks for the tip on Azure PIM - I'll definitely look into that as well!
  • SurfaceWear Profile Picture
    186 on at
    I've tried this again and got a bit further than I did last time but still not to the point I'm aiming for.
     
    The 2 limitations that remain are:
    1. Is there a limitation that you can't use the New Experience through a Partner Account using GDAP? Do you have to stick with the old environment customisation system?
    2. Certain components can't be modified using the old experience e.g. Dataflows are very important for me - how would you get to those and modify them?
    3. I can't open any apps - how do you get around that?
     
    I'll explain the steps I'm taking and what works and what doesn't with screenshots for clarity.
     
     
    When working in my home tenant I normally go straight to the 'new experience' at 'make.powerapps.com' and get redirected to whichever environment I last visited. This is the area I can't reach in the customer tenant - it just shows me my home tenant environments.
     
     

    I'm starting in the Platform centre, going to the customer and clicking 'Power Platform'
     
    This opens the Admin centre in the customer tenant, which is a good start.
     
    I can open the list of Environments (for now there is only the Default environment in this tenant)
     
    I can then 'Open' the customer's Default Environment

    This opens a page I'm not very familiar with, probably because I have always interacted with this system from the 'Power Platform' side, not the 'Dynamics' side. I note the 'user' now indicates I'm logged in as 'Delegated Admin'.
    If I try to open the Dataverse Accelerator App I get a 'UserNotLoggedIn' error
     
    If I try to manually create the make.powerapps.com URL to the Environment using the Environment ID I get the following error where the 'tenant' ID that it quotes is my HOME tenant ID instead of the CUSTOMER tenant ID (I'll refer to this as the 'Sorry, there's been a disconnect screen'):
     
    I can go to 'Advanced Settings'
     
     
    The Advanced Settings appear to work but if I try clicking 'Try the New experience' I get the 'Sorry, there's been a disconnect screen'
     
    If I try going to 'Apps' and 'Create' I get the 'Sorry, there's been a disconnect screen'
     
    I CAN 'customise the system' by adding a new table.
  • SurfaceWear Profile Picture
    186 on at
    I have opened a support request with Microsoft on this. I raised this with Partner support and they've now passed it to PowerApps support. They are speaking to each other now and hopefully I'll get an answer.
     
    Unfortunately I suspect full access to the new experience is not yet supported but hopefully I'm incorrect!
  • Verified answer
    SurfaceWear Profile Picture
    186 on at
    This is the disappointing response I've got from Microsoft support after over 6 weeks of back and forth:
     

    Hope this mail finds you well.

    We have checked with our team and unfortunately a GDAP user does not have access to apps or dataflows; it is mostly supported for admin workloads in Power Platform admin center.

     

    Thanks for your support and cooperation
