Maker Environment Request App - Least Privilege Security Principle #8644
Comments
Hello, in our testing we don't grant the basic user SR as we just have the person use a link to the app rather than browse to the envt and find the app. That's the goal with our SR. If you want them to have access to the envt itself, for example the ability to browse the apps, then you will need to grant more SRs. Basic user is likely the correct one if that's your goal.
Regarding this app, can you please share a screenshot with your specific issue?
Thanks for prompt response. Please find the issue I'm facing while making an environment request
SR Assigned
maker-powerplatform (M365 email enabled group) -->
Note:
Please find the view below when Pradeep Gupta tries to request new environment using the Maker app
I see this error on network {
To area owner for investigation.
+1 to this as we are experiencing this problem in our COE environment. Maker granted proper SR and Maker Command Center allows Maker SR to access the app. Unable to submit Environment requests without also providing basic user SR alongside.
Changing to "Direct User + Teams" and setting the AppendTo = Organization for User Table fixes the issue. The Makers are now able to request environment.
Fixed in August release https://github.com/microsoft/coe-starter-kit/releases/tag/CoEStarterKit-August2024
Does this bug already exist in our backlog?
Describe the issue
Hi,
I have set up COE Starter Kit using June 2024 build, everything is up and running.
Now I'm trying to apply Least Privilege Security Principle, for makers to only access the shared maker apps from COE Environment.
I've granted following SR to maker user
Using above when I try with the maker user to request an Env. using Maker Env. request app, at last step I get network error stating I do not have sufficient permission.
What other permission should be applied? I do not want to give Environment Maker; I'm assuming the "Power Platform Maker SR" role should cover the required permission to underlying tables.
What am I missing?
Expected Behavior
With only two min roles assigned to maker user
Maker user should be able to request Environment.
Lastly, when using M365 email enabled group which is linked to Teams in environment, the SR at teams level should automatically propagate to user; I shouldn't be setting the same permission on the user object again. Please indicate if I'm missing something and doing wrong. Nothing has been explicitly mentioned in documentation.
What solution are you experiencing the issue with?
Core
What solution version are you using?
4.32.2
What app or flow are you having the issue with?
Maker Environment Request
What method are you using to get inventory and telemetry?
None
Steps To Reproduce
No response
Anything else?
No response
AB#3800