Add details about custom privileges required for running desktop flows #1375

Update desktop-flows-security.md
Nicolas-Ding authored Feb 22, 2024
commit d177d5e88266171e412338ec21154e87512f4ce5
12 changes: 8 additions & 4 deletions articles/desktop-flows/desktop-flows-security.md
@@ -81,6 +81,14 @@ For example, you might create a security role that allows users to create, read,

Overall, privileges are a key component of the security model in Dataverse, and are used to control access to resources in a granular and flexible way.

> [!NOTE]
>
> In order to be able to run a desktop flow, the user needs at least the following permissions:
> - "Append", "AppendTo", "Create" and "Write" on the flowsession table
> - "Append", "AppendTo", "Create" and "Write" on the workflowbinary table.
> - "Read" permissions on the workflow table.
> - "Read" on the desktopflowbinary table.

## Power Automate specific security roles

Following security roles are available out-of-the-box with Power Automate.
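
Review bot: The flowsession item in the new note omits "Read", which the note this commit removes from the Environment Maker section listed for the same table ("Append", "AppendTo", "Create", "Read" and "Write"). If "Read" is no longer needed to run a desktop flow, that is a least-privilege improvement worth stating in the PR description; if it is still needed, a custom role built from this list will fail at run time, so add it back. The four list items are also inconsistent: two end with a period and two do not, and one says `"Read" permissions on` while the others say `"Read" on`. Pick one form, and consider formatting the table names as code so it is clear they are logical names to look up when editing a custom security role.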
@@ -90,10 +98,6 @@ Following security roles are available out-of-the-box with Power Automate.
The environment maker role in Dataverse is a built-in security role that lets users create and manage their resources associated with an environment. This includes apps, connections, custom APIs, gateways, cloud flows, and desktop flows, as long as the user has the appropriate license for the intended product area.
:::image type="content" source="media/desktop-flows-security-roles/environment-maker.png" alt-text="Screenshot of the permissions for the Environment Maker role." lightbox="media/desktop-flows-security-roles/environment-maker.png":::

> [!NOTE]
>
> In order to be able to run a desktop flow, the user needs at least the "Append", "AppendTo", "Create", "Read" and "Write" permissions on the flowsession table and "Read", "Append" and "AppendTo" permissions on the process table.

### Desktop flows machine configuration admin

This role is typically assigned to CoE or IT admins that manage VM images and virtual networks. Users with this role have full privileges on the VM image and VNet specific tables, which are used for hosted machine scenarios. In particular, this allows users with this role to add VM images, image versions and share/unshare VM images to be used for created hosted machine scenarios in their environment.
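
Review bot: The removed note required "Read", "Append" and "AppendTo" on the process table, while the replacement note added earlier in the file asks only for "Read" on the workflow table and introduces workflowbinary and desktopflowbinary. Say explicitly whether "process" and "workflow" refer to the same table (display name versus logical name) and whether "Append" and "AppendTo" on it are really no longer needed. Admins who built custom roles from the old wording need to know which grants to add and which they can now revoke. Moving the note out of the Environment Maker section also means readers of that section no longer see the requirement, so a one-line pointer from here to the new note would help.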