You’re offline. This is a read only version of the page.
10
Hello,
I belong to a fairly large and distributed organization. We have a single global Microsoft Online tenant / AAD, but we manage several independent implementations of D365 (both F&SCM and CE).
On the CE side, I am struggling to come up with a way to provide entity-level admins permissions to do things like copy environments, restore environments, set transition dates for the interface and so on, because I do not see anyway to assign the relevant roles (D365 Service Admin or Power Platform Admin) to a user for only the environments that belong to that user.
Has anyone already solved that problem, or heard of something upcoming in the MS roadmap that would help with this ? It's creating a lot of low-value activity for our central team, but we just don't see a solution yet.
Thanks,
Jeremy Gibbons
Thanks Johnny. I think you're correct: they have the Sys Admin rôle inside their D365 environments, but do not have a global Dynamics 365 admin role. I guess I need to do some clean up on the ACLs first.
Thanks for your help !
Hi Jeremy,
Sorry for the late reply. Could you help confirm whether these SA have the Environment Admin or System Administrator role?
Kind Regards
Johnny
Hello,
Thanks, that is useful information. However, we have found that although the people with sysadmin roles on several environments can see those environments in the PPAdmin portal, and can click on the buttons to perform an environments copy, the actual copy fails, whereas when a Global Admin like myself does it, it works fine. Any thoughts as to what we're missing ?
Thanks again.
Hi Jeremy Gibbons,
Environment Admins or System Administrators can copy all available environments. System administrators can copy environments for which they have the Environment Admin or System Administrator role.
Kind Regards
Johnny
Hi Johnny,
Thanks for the reply. I know we can use Security Groups to allow certain admins to access the "inside" of individual D365 CE environments. But does a D365 Service Admin have the ability to initiate actions in the Power Platform console such as copying / restoring environments, or only actions inside of a D365 environment ?
Hi Jeremy,
You could let different CE system administrator to manage different environment with Security Group.
Official Doc: https://docs.microsoft.com/en-us/microsoft-365/admin/email/create-edit-or-delete-a-security-group?view=o365-worldwide
Community Blog: https://community.dynamics.com/365/b/d365demystified/posts/restrict-user-access-to-a-d365-instance-using-security-groups
Dynamics 365 system admin can sign in to and manage multiple environments. While if an environment uses a security group, a service admin would need to be added to the security group in order to manage that environment. Not assigning to an in place security group essentially locks these admins out of any admin management.
While be noted that Security group doesn't work for Power Platform admins. PP Admins could manage all environments even if not added to an environment's security group.
Reference Doc: https://docs.microsoft.com/en-us/power-platform/admin/use-service-admin-role-manage-tenant
Hope above would help.
Regards
Johnny
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
#1
André Arnaud de Cal...
291,240
Super User 2024 Season 2
#2
Martin Dráb
230,149
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (