Recently, Microsoft introduced a new security role for Power Platform administrators, appropriately called the Power Platform administrator role. Previously, there have been two types of administration roles for the Power Platform:
- Environment admin
- Tenant (Global) admin
With these two roles, there were challenges in providing enough access, but not too much access. This new role aligns to the ‘principles of least privilege’. For organizations with many environments, assigning the Environment admin role became too cumbersome and did not allow for establishing tenant-wide DLP policies. Using the alternative approach, of assigning the Tenant (Global) admin role, gave administrators too much power by granting access to administrative functions in other Microsoft services, beyond, the Power Platform.
By using the Power Platform admin role, administrators have permissions previously found with tenant admin privileges, but without the admin access to other Microsoft services.
Please check out the following video on my YouTube channel where I go through this new role in more detail and demonstrate how to assign it.