Overview
Keeping a clean, hierarchical Active Directory (AD) is essential to managing permissions and maintaining good governance in the Power Platform. This post outlines the core concepts of securing your platforms.
Power Platform is managed at three levels:
- App (model, canvas or Power Pages)
- Environment (user needs permissions to the tenant environment)
- Source (Dataverse, SQL, SharePoint)
AAD/Entra ID
Azure Active Directory (AAD) is the backbone of permissions in the Power Platform. Security groups are normally well set up within AD, but when creating a new group, I tend to use "Microsoft 365" groups to handle permissions.
The process is to add users to groups (Security or Microsoft 365) and then grant permissions to the group. Security groups can be managed dynamically, i.e. if you are in a division you automatically belong to a security group. Alternatively, users can be added to a Security group individually (there is also a bulk upload).
This keeps management simple, as the Microsoft 365 groups and Security groups can be reused to grant permissions to various apps and reports.
Tip: You cannot use distribution groups to assign rights to SharePoint or Power Platform.
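To check which groups can carry permissions before assigning them, the following added example (not from the original post) classifies group records by the Microsoft Graph properties securityEnabled, mailEnabled and groupTypes, flags dynamic membership, and marks distribution groups as unusable. The group names and the sample data are constructed; kinds the post does not mention are left undecided.

```python
# Constructed sample shaped like Microsoft Graph `group` resources
# (e.g. the JSON returned by GET /groups); names are made up.
SAMPLE_GROUPS = [
    {"displayName": "PP-Finance-Makers", "securityEnabled": True,
     "mailEnabled": False, "groupTypes": ["DynamicMembership"],
     "membershipRule": 'user.department -eq "Finance"'},
    {"displayName": "PP-Sales-App-Users", "securityEnabled": False,
     "mailEnabled": True, "groupTypes": ["Unified"]},
    {"displayName": "All-Staff-Announcements", "securityEnabled": False,
     "mailEnabled": True, "groupTypes": []},
    {"displayName": "PP-Admins", "securityEnabled": True,
     "mailEnabled": False, "groupTypes": []},
    {"displayName": "Helpdesk-Mail", "securityEnabled": True,
     "mailEnabled": True, "groupTypes": None},
]

# Per the post: Security and Microsoft 365 groups can carry permissions,
# distribution groups cannot. Other kinds are left undecided (None).
ASSIGNABLE = {"Security": True, "Microsoft 365": True, "Distribution": False}


def classify(group):
    """Return the group kind derived from its Graph properties."""
    types = group.get("groupTypes") or []
    security = bool(group.get("securityEnabled"))
    mail = bool(group.get("mailEnabled"))
    if "Unified" in types:
        return "Microsoft 365"
    if security and not mail:
        return "Security"
    if security and mail:
        return "Mail-enabled security"
    if mail:
        return "Distribution"
    return "Unknown"


def review(groups):
    """Build one finding per group for a permissions review."""
    findings = []
    for g in groups:
        kind = classify(g)
        findings.append({
            "name": g.get("displayName", "<unnamed>"),
            "kind": kind,
            "dynamic": "DynamicMembership" in (g.get("groupTypes") or []),
            "assignable": ASSIGNABLE.get(kind),
        })
    return findings
```

Calling review(SAMPLE_GROUPS) returns one finding per group; any entry with assignable set to False or None should be replaced or checked before it is used to grant access.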