You’re offline. This is a read only version of the page.
402
Hi everyone,
I am hoping someone from the community can help with this major blocker we have on a Canvas App. I'll try and provide plenty of detail but if anything unclear please let me know.
We have a Canvas App which, OnSelect of an icon on the final screen, should trigger a Flow which sends an email.
The Canvas App has two connections; Office 365 Users and Microsoft Outlook. The Office 365 Connection is working fine as the App is aware of the logged in user and provides visual confirmation of their name and UPN.
The Canvas App is part of our ALM process and goes through Dev, Test and Prod environments. The Flow Owner in the Dev environment is myself; when the Solution goes through Test and Prod the Flow Owner becomes a service account owned centrally.
The issue is:
1. As App author, I am able to fire the Flow in Dev, Test and Prod.
2. Our ALM manager is also able to fire the Flow in Dev, Test and Prod.
3. No other user can fire the Flow in Test or Prod. Instead, they see the following error:
I have tried all the classic fixes:
1. Remove and Re-Add the flow in the App.
2. Ensure the user has selected 'Allow' on the first run of the App to ensure the connections are allowed.
3. I have checked the user group has "Basic User" applied to it.
4. The Flow should be leveraging the user's mailbox to send the email. Therefore the issue should not be related to permissions on a Shared Mailbox.
I have seen posts like this:
Solved: connection not configured for this service - Power Platform Community (microsoft.com)
The problem is, 'Basic User' does not seem to be configurable. When I navigate to it I see the following message:
I think a key point is that when the error is seen in the App, the Flow does not fire at all - IE there is no failed run of the Flow. Therefore the issue appears to be between the App and the Flow.
Hopefully that summarises the main points. Any help on this would be very much appreciated, thank you!
Hi @gidiscacciati , I am the OP on the thread.
@gidiscacciati wrote:If it can be solved by refreshing the flow.. is it still a problem with the Basic User role?
When you refresh the Flow can the users that cannot normally run the Flow operate it correctly? If yes, then this does not present as the same issue I was having and therefore the problem may relate to another source.
@gidiscacciati wrote:If I change this permission set, will I still need to refresh the flow every time I import it?
If you complete the resolution per this thread, you will not need to refresh the Flow once the solution is published. The limitation was based in the Security Role related to the user attempting to run the Flow, so once the Security Role is updated in accordance with the steps in this thread, the Flow should then run normally.
Hope this helps?
Hello everyone! Sorry to reply on a solved post, but I'm currently going through this problem.
I have a flow inside canvas app and, as OP said, as the owner, I can trigger it normally, the problem is when other users try to fire it, it shows the same message OP showed. However, something I do usually solves the problem, which is refreshing the flow inside the app and republish it. The problem is, I can't do this everytime I import the solution in a production environment.
If it can be solved by refreshing the flow.. is it still a problem with the Basic User role?
If I change this permission set, will I still need to refresh the flow every time I import it?
Hi @pp365 , Solution table can be taken as optional. I am glad that the issue got resolved. Please click Accept as solution ✅ if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider giving it Thumbs up.👍
Thanks,
ANB
Hi again @ANB ,
Please accept my apologies, I've looked again and have found Solution.
However, I have found that only changing Process from User to Organisation has actually fixed the issue. Before we put this in to Production, are there any further ramifications we need to be aware of on this change? Does it provide users access to anything else in addition to enabling this Flow run etc?
Thanks very much again for all your help.
Hi again @ANB ,
Thanks for your help with this. I want to clarify the exact changes you're suggesting.
That for the Basic User role (a copy of this, so it can be customised):
Process (name: "Workflow"), change Read from User to Organisation.
You've also mentioned a table in the Security Role called Solution. Apologies, I can't find a table with that name. Could you elaborate on this?
Thank you again
HI @pp365 , Basically when you follow ALM that is when you have flows within solution, then a user who are going to consume the apps and those flow should have security role which has read access on processes and solution table in Dataverse.
Basic User security role is the least privilege role in Dataverse, so editing that role is recommended, however Microsoft has now made that role as non customizable and due to which we suggest to create copy of that Basic User role and then customize that new role where you assign read access on processes and solution tables.
And this newly created basic user security role should be assigned to Teams, so whoever became the part of Entra Security Group they will get this New Basic User security role and ultimately they have read access on processes and solution tables which is requirement in ALM.
-----------------------------------------------------------------------------------------------------------------------------
I hope this helps.
Please click Accept as solution ✅ if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider giving it Thumbs up.👍
Thanks,
ANB
Hi again @ANB , I have read the other thread. If I have read this correctly you've stated the user in question needs the Basic User Security Role assign to them and have recommended that this is most easily done by creating an Entra Security Group, then assigning the user to that group, and assigning the Basic User security role to the Team to which the Entra Security Group is assigned.
I've done all of that already. Are you suggesting in your post that for some reason by duplicating, renaming and assigning the Basic User role, something is triggered that resolves the issue? In other words, just to check I did not miss that I need to customise any aspect of the Basic User role when I copy it?
If this is true, any clue as to what the underlying issue is?
Many thanks!
HI @pp365 , Recently I have answered the same thing in other post which is accepted solution. Please go through the post and see if that can help you.
-----------------------------------------------------------------------------------------------------------------------------
I hope this helps.
Please click Accept as solution ✅ if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider giving it Thumbs up.👍
Thanks,
ANB
#1
WarrenBelz
146,645
Most Valuable Professional
#2
RandyHayes
76,287
Super User 2024 Season 1
#3
Pstork1
65,997
Most Valuable Professional
Share
Report
All responses (
Answers (
