79
Hi,
My user has global admin role, but once I'm trying to execute Set-AdminFlowOwnerRole I'm getting the error
Code : Forbidden Description : Forbidden Error : Errors : Internal : System.Net.HttpWebResponse
any ideas
The issue was, that flow is a solution aware flow, and you cannot change the owner of it
Hi @aboodhamwi ,
Check if this helps:
function Set-AdminFlowOwnerRole
{
<#
.SYNOPSIS
sets owner permissions to the flow.
.DESCRIPTION
The Set-AdminFlowOwnerRole set up permission to flow depending on parameters.
Use Get-Help Set-AdminFlowOwnerRole -Examples for more detail.
.PARAMETER EnvironmentName
Limit app returned to those in a specified environment.
.PARAMETER FlowName
Specifies the flow id.
.PARAMETER RoleName
Specifies the access level for the user on the flow; CanView or CanEdit
.PARAMETER PrincipalType
Specifies the type of principal that is being added as an owner; User or Group (security group)
.PARAMETER PrincipalObjectId
Specifies the principal object Id of the user or security group.
.EXAMPLE
Set-AdminFlowOwnerRole -PrincipalType Group -PrincipalObjectId b049bf12-d56d-4b50-8176-c6560cbd35aa -RoleName CanEdit -FlowName 1ec3c80c-c2c0-4ea6-97a8-31d8c8c3d488 -EnvironmentName Default-55abc7e5-2812-4d73-9d2f-8d9017f8c877
Add the specified security group as an owner fo the flow with name 1ec3c80c-c2c0-4ea6-97a8-31d8c8c3d488
#>
[CmdletBinding(DefaultParameterSetName="User")]
param
(
[Parameter(Mandatory = $true, ParameterSetName = "User", ValueFromPipelineByPropertyName = $true)]
[string]$FlowName,
[Parameter(Mandatory = $true, ParameterSetName = "User", ValueFromPipelineByPropertyName = $true)]
[string]$EnvironmentName,
[Parameter(Mandatory = $true, ParameterSetName = "User")]
[ValidateSet("User", "Group")]
[string]$PrincipalType,
[Parameter(Mandatory = $true, ParameterSetName = "User")]
[ValidateSet("CanView", "CanEdit")]
[string]$RoleName,
[Parameter(Mandatory = $true, ParameterSetName = "User")]
[string]$PrincipalObjectId = $null,
[Parameter(Mandatory = $false, ParameterSetName = "User")]
[string]$ApiVersion = "2016-11-01"
)
process
{
$userOrGroup = Get-UsersOrGroupsFromGraph -ObjectId $PrincipalObjectId
$PrincipalDisplayName = $userOrGroup.DisplayName
$PrincipalEmail = $userOrGroup.Mail
$route = "https://{flowEndpoint}/providers/Microsoft.ProcessSimple/scopes/admin/environments/{environment}/flows/{flowName}/modifyPermissions?api-version={apiVersion}" `
| ReplaceMacro -Macro "{flowName}" -Value $FlowName `
| ReplaceMacro -Macro "{environment}" -Value (ResolveEnvironment -OverrideId $EnvironmentName);
#Construct the body
$requestbody = $null
$requestbody = @{
put = @(
@{
properties = @{
principal = @{
email = $PrincipalEmail
id = $PrincipalObjectId
type = $PrincipalType
displayName = $PrincipalDisplayName
}
roleName = $RoleName
}
}
)
}
$result = InvokeApi -Method POST -Route $route -Body $requestbody -ApiVersion $ApiVersion
CreateHttpResponse($result)
}
}
Regards,
Mona
#1
WarrenBelz
791
Most Valuable Professional
#2
MS.Ragavendar
410
#3
mmbr1606
275
Super User 2025 Season 1
Share
Report
All responses (
Answers (
