web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Create role for updati...
Power Apps
Suggested Answer

Create role for updating connection reference

(1) ShareShare
ReportReport
Posted on by DD-20021317-0 4
Hi,
 
I am having difficulties selecting (or creating) the correct security role for our Users in an environment. I want to restrict everything but the following, if possible:
 
- Be able to see and go into the standard solution
- Be able to see all connection references
- Be able to update a connection reference
 
I hope someone can come with a solution for this.
 
Architecture
We send a User ID via HTTP Request from UiPath to Power Automate. In Power Automate, a Switch based on the User ID determines which pillar is chosen. Each pillar uses OneDrive activities, each with its own connection references that are linked to the account of the User ID. In that way, Power Automate knows from which OneDrive files should be fetched.
 
Challenge
In order to activate the connection references, a User needs to go to the standard solution and link his/her account to the specific connection reference. To do so, a certain security role is needed. Right now, we give the User the System Administrator security role (I know) in order to update the connection reference. Right after doing so, we withdraw the role.
 
We are not allowed to use Service Accounts, so as far as I know this is currently the only way to communicate between UiPath and Power Automate.
 
Thanks.
 
David
Categories:
Governance & administering
I have the same question (2)
  • Suggested answer
    Ravi-Prajapati Profile Picture
    Ravi-Prajapati 416 Moderator on at

    Your use case involves dynamically updating connection references in Power Automate based on a user’s identity, without using a Service Account. The challenge is that only users with high-level permissions (like System Administrator) can update connection references in a Dataverse Solution.

    Possible Solutions

    1. Grant Least Privilege Access Instead of System Administrator

    Instead of giving users the System Administrator role, assign them only the necessary permissions to update connection references.

    • Assign a custom security role with these specific privileges:
      • Customization → Connection References: Write, Read, Assign, Share
      • Customization → Solutions: Read
      • Environment → Environment Maker (optional, for UI access)

    You can create this role in Power Platform Admin Center under Environments > [Your Environment] > Security Roles.

    2. Automate the Connection Reference Update Using Power Automate (If Allowed)

    If you want to automate connection reference updates, you could build a Power Automate flow using Dataverse actions:

    • Trigger: HTTP request (from UiPath)
    • Action 1: Retrieve connection reference using Dataverse connector
    • Action 2: Update the connection reference using a Power Automate flow with elevated permissions (such as a Power Automate owner with privileges)

    This would require a user with enough access to run the flow, but it avoids granting everyone System Administrator.

    3. Assign Temporary Elevated Access Using PowerShell or API

    Instead of manually assigning System Administrator, use Power Platform API or PowerShell to temporarily grant a user access and revoke it after the connection reference update.

    PowerShell Example:

     
    powershell
    Add-AdminPowerAppsUserRole -EnvironmentName "YourEnvironmentID" -RoleName "Environment Maker" -UserPrincipalName "user@yourcompany.com"

    Then, remove the role after execution.

    4. Consider a Shared Environment Approach

    Since you can't use Service Accounts, another approach is to have a shared Dataverse environment where only approved users can manage connection references, reducing the need for constant role changes.

    Recommended Approach

    • Best Practice: Assign a custom security role with the necessary privileges instead of System Administrator.
    • If automation is needed: Use a Power Automate flow to update connection references programmatically.
    • For temporary access: Use PowerShell or API calls to grant/revoke access dynamically.

     

  • DD-20021317-0 Profile Picture
    DD-20021317-0 4 on at
    Thanks Ravi.
     
    I will see if the security roles that you mentioned will work.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
11manish Profile Picture

11manish 505

#2
WarrenBelz Profile Picture

WarrenBelz 502 Most Valuable Professional

#3
Haque Profile Picture

Haque 324

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans