Applies to Product- Power Automate
What’s happening?
Users in the Power Platform environment are able to delete each other's solutions, which raises concerns about unauthorized modifications, especially in environments that include both staff and student users.
Reason:
This arises because the default security role assigned to users in the Power Platform default environment is 'Environment Maker', which includes permissions to delete any solution in the organization.
Resolution:
To address this of users being able to delete each other's solutions in the Power Platform environment, the following best practices can be implemented:
- Restrict Environment Maker Role: Remove the Environment Maker role from users who do not need it, as this role includes permissions to delete any solution in the environment.
- Create Custom Security Roles: Develop custom security roles that grant only the necessary permissions. For example, create a role that allows users to view and modify their own solutions but not delete them.
- Use Environment Groups: Organize users into environment groups based on their roles (e.g., Staff and Students). Apply different security roles and permissions to each group to ensure that users have the appropriate level of access.
- Communicate Policies and Procedures: Ensure that all users are aware of the policies and procedures related to environment management, including their roles and responsibilities, as well as the consequences of unauthorized actions.
https://learn.microsoft.com/en-us/power-platform/admin/database-security
https://learn.microsoft.com/en-us/power-platform/alm/overview-alm
