Powerapps admin

(1) Share

Report

Posted on by MeghanaMothiki Microsoft Employee

Some of the key questions I have are around permissions and owners of the app:

- If an app is created by a Power Apps admin then that admin is deleted, will the app still function?

- If a connector is created by a Power Apps admin then that admin is deleted, will that connector still function?

- If an app or connector is created by a Power Apps admin will the app run under that specific user? if so are there any issues that we may come across if this is the case, for example limitations etc.

- Is it necessary or good practice to use a "service account" for each Power App created instead of creating it under an actual admin user account? what are the benefits doing it this way?

- If we were to create a "service account" for each app, will this account require the same permissions and license as well as access to data sources and connectors to build apps?

- If we were to use a "service account" if the password expires or the account is deleted will it have any impact to existing apps or connectors created by this service account?

- Are there any considerations or limitations that we need to consider when designing and managing our environment going forward?

Please help me on my queries.

Categories:

Governance & administering

I have the same question (0)

All responses (3)

Answers (1)

Verified answer

akandis 393 on at

Like (3)

Report

Hi @MeghanaMothiki I will respond within every point.

1 - If an app is created by a Power Apps admin then that admin is deleted, will the app still function?
R: Yes the Power Apps will still working. Also this Power App it will be catalogued as orphaned Power App.

2 - If a connector is created by a Power Apps admin then that admin is deleted, will that connector still function?
R: No, it not will work because the connector use the user identity to connect.

3 - If an app or connector is created by a Power Apps admin will the app run under that specific user? if so are there any issues that we may come across if this is the case, for example limitations etc.
I can not understand 😕 Please provide me more info and I will try to help you 🙂

- Is it necessary or good practice to use a "service account" for each Power App created instead of creating it under an actual admin user account? what are the benefits doing it this way?
R: Yes it's a good practice! It is recomendet because when you have a lot of users creating Power Apps and some of these leave the company you will have many problem, with a service account you prevent that. It's highly recommended for Production app.

- If we were to create a "service account" for each app, will this account require the same permissions and license as well as access to data sources and connectors to build apps?
R: In my opinion I think that you don't need to create a service account for each Power App. But replying to you question, if the service account just will need to create (maker) you don't need to acquier a premium license, in developing you don't need premium license it is required only when you want to run Power App as a normal user.

- If we were to use a "service account" if the password expires or the account is deleted will it have any impact to existing apps or connectors created by this service account?
R: Yes. Power Apps it will be still working as an orphaned app but connectors can't will connect and you will need to reconnect with another account.

- Are there any considerations or limitations that we need to consider when designing and managing our environment going forward?
R: Yes I recommend this points:
Detect which Power Apps are critical and what are not. For example if you have a Power App that afects to the entire organization that will be catalogues as Critical in that case I recomend to create 3 environaments (Dev, Test, Prod).
Not share with individual users, user Azure AD security groups.
Implement DLP.
Create a service account by Tenant or by Environment. In some cases it could be interesting to create a service account for a specific Power Apps.

I hope it helps!
Have nice day 🙂

Was this reply helpful? Yes No
MeghanaMothiki Microsoft Employee on at

Like (0)

Report

Thanks for your reply.

Additional Q Regarding the “Send an Email (V2)” connector. Based on the below screenshot, if I enter a “Send As” address, do I need to make sure that the users that run this app have send as permissions to the mailbox I enter here? If not how does this work?

save.PNG

Was this reply helpful? Yes No
akandis 393 on at

Like (0)

Report

Hi @MeghanaMothiki !!

When you use a Outlook connector to send an email you will need that the user that is runing this Power Apps have Outlook to be allowed to send mails. Realize that when a user runs a Power Apps they will ask for a Outlook account to continue running.
Also here we can do 2 aproach if you don't need to send that email with the user identity that is running the Power App you can use a service account! But if you need to send that email with the indentity of the user that is running the Power Apps, yes you will need a license to allow that user send emails/user outlook.

I hope that is useful for you!!
Please let me know if you have more doubts. 🙂

Was this reply helpful? Yes No