web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Assigning Service Admi...
Microsoft Dynamics 365 | Integration, Dataverse...
Answered

Assigning Service Admin / Power Platform Admin permissions for a subset of environments only ?

(0) ShareShare
ReportReport
Posted on by Jeremy Gibbons 10

Hello,

I belong to a fairly large and distributed organization. We have a single global Microsoft Online tenant / AAD, but we manage several independent implementations of D365 (both F&SCM and CE).

On the CE side, I am struggling to come up with a way to provide entity-level admins permissions to do things like copy environments, restore environments, set transition dates for the interface and so on, because I do not see anyway to assign the relevant roles (D365 Service Admin or Power Platform Admin) to a user for only the environments that belong to that user.

Has anyone already solved that problem, or heard of something upcoming in the MS roadmap that would help with this ? It's creating a lot of low-value activity for our central team, but we just don't see a solution yet.

Thanks,

Jeremy Gibbons

I have the same question (0)
  • Suggested answer
    Johnny Yun Profile Picture
    Johnny Yun 455 on at

    Hi Jeremy,

    You could let different CE system administrator to manage different environment with Security Group.

    Official Doc: https://docs.microsoft.com/en-us/microsoft-365/admin/email/create-edit-or-delete-a-security-group?view=o365-worldwide
    Community Blog: https://community.dynamics.com/365/b/d365demystified/posts/restrict-user-access-to-a-d365-instance-using-security-groups

    Dynamics 365 system admin can sign in to and manage multiple environments. While if an environment uses a security group, a service admin would need to be added to the security group in order to manage that environment. Not assigning to an in place security group essentially locks these admins out of any admin management.

    pastedimage1586662505465v1.png

    While be noted that Security group doesn't work for Power Platform admins. PP Admins could manage all environments even if not added to an environment's security group.

    Reference Doc: https://docs.microsoft.com/en-us/power-platform/admin/use-service-admin-role-manage-tenant

    Hope above would help.

    Regards

    Johnny

  • Jeremy Gibbons Profile Picture
    Jeremy Gibbons 10 on at

    Hi Johnny,

    Thanks for the reply. I know we can use Security Groups to allow certain admins to access the "inside" of individual D365 CE environments. But does a D365 Service Admin have the ability to initiate actions in the Power Platform console such as copying / restoring environments, or only actions inside of a D365 environment ?

  • Verified answer
    Johnny Yun Profile Picture
    Johnny Yun 455 on at

    Hi Jeremy Gibbons,

    Environment Admins or System Administrators can copy all available environments. System administrators can copy environments for which they have the Environment Admin or System Administrator role.

    https://docs.microsoft.com/en-us/power-platform/admin/copy-environment#copy-an-environment-to-a-sandbox-environment

    pastedimage1587097326083v1.png

    Kind Regards

    Johnny

  • Jeremy Gibbons Profile Picture
    Jeremy Gibbons 10 on at

    Hello,

    Thanks, that is useful information. However, we have found that although the people with sysadmin roles on several environments can see those environments in the PPAdmin portal, and can click on the buttons to perform an environments copy, the actual copy fails, whereas when a Global Admin like myself does it, it works fine. Any thoughts as to what we're missing ?

    Thanks again.

  • Suggested answer
    Johnny Yun Profile Picture
    Johnny Yun 455 on at

    Hi Jeremy,

    Sorry for the late reply. Could you help confirm whether these SA have the Environment Admin or System Administrator role?
    pastedimage1587890738646v1.png

    https://docs.microsoft.com/en-us/power-platform/admin/copy-environment#copy-an-environment-to-a-sandbox-environment

    Kind Regards

    Johnny

  • Jeremy Gibbons Profile Picture
    Jeremy Gibbons 10 on at

    Thanks Johnny. I think you're correct: they have the Sys Admin rôle inside their D365 environments, but do not have a global Dynamics 365 admin role. I guess I need to do some clean up on the ACLs first.

    Thanks for your help !

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
Siv Sagar Profile Picture

Siv Sagar 93 Super User 2025 Season 2

#2
#ManoVerse Profile Picture

#ManoVerse 80

#3
Martin Dráb Profile Picture

Martin Dráb 64 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans