From bdb0db4acfdfb4e8cc9827f641c504a3c2eec3fb Mon Sep 17 00:00:00 2001 From: RyZum <6966170+Nicolas-Ding@users.noreply.github.com> Date: Tue, 20 Feb 2024 11:27:53 +0100 Subject: [PATCH 1/3] Add details about custom privileges required for running desktop flows --- articles/desktop-flows/desktop-flows-security.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/articles/desktop-flows/desktop-flows-security.md b/articles/desktop-flows/desktop-flows-security.md index 79f645aeb..f19865d38 100644 --- a/articles/desktop-flows/desktop-flows-security.md +++ b/articles/desktop-flows/desktop-flows-security.md @@ -90,6 +90,10 @@ Following security roles are available out-of-the-box with Power Automate. The environment maker role in Dataverse is a built-in security role that lets users create and manage their resources associated with an environment. This includes apps, connections, custom APIs, gateways, cloud flows, and desktop flows, as long as the user has the appropriate license for the intended product area. :::image type="content" source="media/desktop-flows-security-roles/environment-maker.png" alt-text="Screenshot of the permissions for the Environment Maker role." lightbox="media/desktop-flows-security-roles/environment-maker.png"::: + > [!NOTE] + > + > In order to be able to run a desktop flow, the user needs at least the "Append", "AppendTo", "Create", "Read" and "Write" permissions on the flowsession table and "Read", "Append" and "AppendTo" permissions on the process table. + ### Desktop flows machine configuration admin This role is typically assigned to CoE or IT admins that manage VM images and virtual networks. Users with this role have full privileges on the VM image and VNet specific tables, which are used for hosted machine scenarios. In particular, this allows users with this role to add VM images, image versions and share/unshare VM images to be used for created hosted machine scenarios in their environment. 
@@ -127,4 +131,4 @@ This role is used by Power Automate cloud services when interacting with the Dat - [Security in Microsoft Dataverse](/power-platform/admin/wp-security) - [Security concepts in Microsoft Dataverse](/power-platform/admin/wp-security-cds) -- [Security roles in Microsoft Dataverse](/power-platform/admin/security-roles-privileges) \ No newline at end of file +- [Security roles in Microsoft Dataverse](/power-platform/admin/security-roles-privileges) From d177d5e88266171e412338ec21154e87512f4ce5 Mon Sep 17 00:00:00 2001 From: RyZum <6966170+Nicolas-Ding@users.noreply.github.com> Date: Thu, 22 Feb 2024 10:28:37 +0100 Subject: [PATCH 2/3] Update desktop-flows-security.md --- articles/desktop-flows/desktop-flows-security.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/articles/desktop-flows/desktop-flows-security.md b/articles/desktop-flows/desktop-flows-security.md index f19865d38..4ef8637a6 100644 --- a/articles/desktop-flows/desktop-flows-security.md +++ b/articles/desktop-flows/desktop-flows-security.md @@ -81,6 +81,14 @@ For example, you might create a security role that allows users to create, read, Overall, privileges are a key component of the security model in Dataverse, and are used to control access to resources in a granular and flexible way. + > [!NOTE] + > + > In order to be able to run a desktop flow, the user needs at least the following permissions: + > - "Append", "AppendTo", "Create" and "Write" on the flowsession table + > - "Append", "AppendTo", "Create" and "Write" on the workflowbinary table. + > - "Read" permissions on the workflow table. + > - "Read" on the desktopflowbinary table. + ## Power Automate specific security roles Following security roles are available out-of-the-box with Power Automate. 
@@ -90,10 +98,6 @@ Following security roles are available out-of-the-box with Power Automate. The environment maker role in Dataverse is a built-in security role that lets users create and manage their resources associated with an environment. This includes apps, connections, custom APIs, gateways, cloud flows, and desktop flows, as long as the user has the appropriate license for the intended product area. :::image type="content" source="media/desktop-flows-security-roles/environment-maker.png" alt-text="Screenshot of the permissions for the Environment Maker role." lightbox="media/desktop-flows-security-roles/environment-maker.png"::: - > [!NOTE] - > - > In order to be able to run a desktop flow, the user needs at least the "Append", "AppendTo", "Create", "Read" and "Write" permissions on the flowsession table and "Read", "Append" and "AppendTo" permissions on the process table. - ### Desktop flows machine configuration admin This role is typically assigned to CoE or IT admins that manage VM images and virtual networks. Users with this role have full privileges on the VM image and VNet specific tables, which are used for hosted machine scenarios. In particular, this allows users with this role to add VM images, image versions and share/unshare VM images to be used for created hosted machine scenarios in their environment. From aa2d2fab82278c204261e2a73fe67b58fbddd47b Mon Sep 17 00:00:00 2001 From: RyZum <6966170+Nicolas-Ding@users.noreply.github.com> Date: Fri, 23 Feb 2024 17:26:37 +0100 Subject: [PATCH 3/3] Update desktop-flows-security.md --- articles/desktop-flows/desktop-flows-security.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/articles/desktop-flows/desktop-flows-security.md b/articles/desktop-flows/desktop-flows-security.md index 4ef8637a6..c4a1a3d7b 100644 --- a/articles/desktop-flows/desktop-flows-security.md +++ b/articles/desktop-flows/desktop-flows-security.md 
@@ -83,11 +83,11 @@ Overall, privileges are a key component of the security model in Dataverse, and > [!NOTE] > - > In order to be able to run a desktop flow, the user needs at least the following permissions: - > - "Append", "AppendTo", "Create" and "Write" on the flowsession table - > - "Append", "AppendTo", "Create" and "Write" on the workflowbinary table. - > - "Read" permissions on the workflow table. - > - "Read" on the desktopflowbinary table. + > In order to be able to run a desktop flow, the user needs at least the following privileges: + > - Basic Append, AppendTo, Create and Write privileges on the flowsession table + > - Basic Append, AppendTo, Create and Write privileges on the workflowbinary table. + > - Basic Read privilege on the workflow table. + > - Basic Read privilege on the desktopflowbinary table. ## Power Automate specific security roles
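Review bot: In [PATCH 1/3], the hunk at `@@ -90,6 +90,10 @@` places the run-privileges note directly under the Environment Maker screenshot, although the subject line says it documents custom privileges. There, a reader can take it as a description of the built-in role, and someone building a custom role is unlikely to find it. Put it in the general privileges section, or say in the note that it applies to custom security roles. The single sentence also packs two tables and eight privileges together; one list item per table is easier to check against a role definition.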
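Review bot: In [PATCH 2/3], the hunk at `@@ -81,6 +81,14 @@` changes the required privilege set as well as the note's position, and the commit subject ("Update desktop-flows-security.md") does not explain why. Compared with the note removed in the `@@ -90,10 +98,6 @@` hunk, Read on flowsession is gone, the process table (Read, Append, AppendTo) is replaced by Read on workflow, and workflowbinary and desktopflowbinary are new. Readers will copy this list into least-privilege roles, so confirm that Read on flowsession is really not needed and record the reason for the new set in the commit message. The bullets are also inconsistent: the flowsession item has no trailing period, and only the workflow item says "permissions".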
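Review bot: In [PATCH 3/3], the hunk at `@@ -83,11 +83,11 @@` adds "Basic" to every bullet without saying that it is an access level or what scope it covers, so someone configuring a role cannot tell from the note which setting to pick. Add a short qualifier, or link to the security roles article already listed in this file's related links (`/power-platform/admin/security-roles-privileges`). The flowsession bullet still lacks the trailing period the other three have, and "In order to be able to run" can be shortened to "To run".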