Skip to main content

Configuring least-privilege permissions for Microsoft Planner

Jaedon Farrugia
Updated

For added security, we recommend configuring least-privilege permissions for this integration. You can configure table-level permissions for a service account user by following the steps below.

  1. Check your Microsoft permissions: Ensure your user account has the following role:
    • Application Administrator: Your user must have this role to connect the integration. It can be removed after setup.
    • Power Platform Administrator: This role is not granted to Subble, but you will need it to create a least-privilege user.
       
  2. Create a new custom role: Choose an existing user, or create a new user and follow the steps below
    • Head to Power Platform - Environments.
    • Click the ellipsis next to the environment you would like to connect.
    • Click on Membership and ensure you are set up as a System Administrator in the environment.
    • Click on the environment name and head to Security Roles.
    • Click on New role to create a new, custom role.
    • Give it a name like Subble Integration and click Save.
    • Open the new role by clicking on it.
    • Set the Read level to Organization for the following tables:
      • systemuser
      • msdyn_project
      • msdyn_projectbaselinedata
      • msdyn_projectbucket
      • msdyn_projecthistory
      • msdyn_projecttask
      • msdyn_projectteam
    • Remove any other permissions as needed.
    • Click on Save + close at the top of the page.

Note: Regardless of the permissions granted, Subble will only ever read metadata (timestamps and user ids) from Dataverse tables, we do not sync or store any project data or PII.

  1. Configure user roles: Grant the role to your user.
    • Navigate back to Environments on the left sidebar menu.
    • Select your environment by clicking on it.
    • Click on Users: See all.
    • Click on the service account user and select Manage roles.
    • Deselect any existing roles, and assign the newly created role to this user.
       
  2. Enter your Web API endpoint into Subble:
    • Sign in to Power Apps.
    • Choose your environment in the top-right corner.
    • Click the gear icon Settings.
    • Select Developer resources.
    • Copy the Web API endpoint.
    • Paste the URL into the Subble connection modal.
       
  3. Connection Click Connect. You will be redirected to Microsoft's confirmation screen.

Related articles

Comments

0 comments

Please sign in to leave a comment.