The table below lists the permissions that you need to consent to when adding the EnPower for Power Platform service app and the permissions you need to grant to your custom Azure app with delegated permissions in AvePoint Online Services.
| EnPower feature | Permission | API | Type |
|---|---|---|---|
| Load users in people pickers | User.Read.All (Read all users’ full profiles) | Microsoft Graph | Application |
| Load groups in people pickers | Group.Read.All (Read all groups) | Microsoft Graph | Application |
| Manage security groups in environments | GroupMember.ReadWrite.All (Read and write all group memberships) | Microsoft Graph | Application |
| Apply sensitivity labels to Power Platform resources | InformationProtectionPolicy.Read.All (Read all published labels and label policies for an organization) | Microsoft Graph | Application |
| Retrieve user properties | Directory.Read.All (Read directory data) | Microsoft Graph | Application |
| Manage mail-enabled security groups and distribution groups in environments | Exchange.ManageAsApp (Manage Exchange as application) *Note: The app must have the Exchange Administrator role, or you need to assign custom Exchange Online role groups to the app. For how to assign roles or Exchange Online role groups to the app, refer to the instructions in How to Assign the Exchange Administrator Role to an App?. | Office 365 Exchange Online | Application |
| Retrieve and list environments, connections, connectors, Power Apps, and flows | User (Access the Power Apps Service API) | Commercial environment: PowerApps Service; GCC environment: PowerApps Service – GCC; GCC High environment: PowerApps Service – GCC L4 | Delegated |
| Manage environment settings and membership of environment teams | User (Access the Power Apps Service API) | Commercial environment: PowerApps Service; GCC environment: PowerApps Service – GCC; GCC High environment: PowerApps Service – GCC L4 | Delegated |
| Update Managed Environments settings | User (Access the Power Apps Service API) | Commercial environment: PowerApps Service; GCC environment: PowerApps Service – GCC; GCC High environment: PowerApps Service – GCC L4 | Delegated |
| Retrieve and update DLP policies | User (Access the Power Apps Service API) | Commercial environment: PowerApps Service; GCC environment: PowerApps Service – GCC; GCC High environment: PowerApps Service – GCC L4 | Delegated |
| Create and delete connections | User (Access the Power Apps Service API) | Commercial environment: PowerApps Service; GCC environment: PowerApps Service – GCC; GCC High environment: PowerApps Service – GCC L4 | Delegated |
| Manage flow permissions | User (Access the Power Apps Service API) | Commercial environment: PowerApps Service; GCC environment: PowerApps Service – GCC; GCC High environment: PowerApps Service – GCC L4 | Delegated |
| Retrieve flows’ trigger history | User (Access the Power Apps Service API) | Commercial environment: PowerApps Service; GCC environment: PowerApps Service – GCC; GCC High environment: PowerApps Service – GCC L4 | Delegated |
| Manage Power Apps’ permissions | User (Access the Power Apps Service API) | Commercial environment: PowerApps Service; GCC environment: PowerApps Service – GCC; GCC High environment: PowerApps Service – GCC L4 | Delegated |
| Enable or disable flows | User (Access the Power Apps Service API) | Commercial environment: PowerApps Service; GCC environment: PowerApps Service – GCC; GCC High environment: PowerApps Service – GCC L4 | Delegated |
| Copy environments, apps, and flows | User (Access the Power Apps Service API) | Commercial environment: PowerApps Service; GCC environment: PowerApps Service – GCC; GCC High environment: PowerApps Service – GCC L4 | Delegated |
| Retrieve and list environments, connections, connectors, Power Apps, Power Automate flows, and Copilot Studio agents | user_impersonation (Access Common Data Service as organization users) | Commercial environment: Dynamics CRM; GCC or GCC High environment: Dataverse | Delegated |
| Manage environment settings and membership of environment teams | user_impersonation (Access Common Data Service as organization users) | Commercial environment: Dynamics CRM; GCC or GCC High environment: Dataverse | Delegated |
| Manage flow owners, | user_impersonation (Access Common Data Service as organization users) | Commercial environment: Dynamics CRM; GCC or GCC High environment: Dataverse | Delegated |
| Manage Power Apps’ permissions | user_impersonation (Access Common Data Service as organization users) | Commercial environment: Dynamics CRM; GCC or GCC High environment: Dataverse | Delegated |
| Enable or disable flows | user_impersonation (Access Common Data Service as organization users) | Commercial environment: Dynamics CRM; GCC or GCC High environment: Dataverse | Delegated |
| Copy environments, apps, and flows | user_impersonation (Access Common Data Service as organization users) | Commercial environment: Dynamics CRM; GCC or GCC High environment: Dataverse | Delegated |
| Manage workspace basic information | Tenant.ReadWrite.All (Read and write all content in tenant) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Add users to workspaces | Tenant.ReadWrite.All (Read and write all content in tenant) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Retrieve capacities | Tenant.ReadWrite.All (Read and write all content in tenant) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Retrieve artifact users | Tenant.ReadWrite.All (Read and write all content in tenant) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Manage artifacts’ sensitivity labels | Tenant.ReadWrite.All (Read and write all content in tenant) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| View and manage workspace permissions | Workspace.ReadWrite.All (View and write all workspaces) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Delete workspaces | Workspace.ReadWrite.All (View and write all workspaces) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Manage dashboard permissions | Dashboard.ReadWrite.All (Read and write all dashboards) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Delete dashboards | Dashboard.ReadWrite.All (Read and write all dashboards) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Delete dataflows | Dataflow.ReadWrite.All (Read and write all dataflows) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Retrieve dataflow refresh history | Dataflow.ReadWrite.All (Read and write all dataflows) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Delete reports | Report.ReadWrite.All (Read and write all reports) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Manage semantic model permissions | Dataset.ReadWrite.All (Read and write all datasets) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Delete datasets | Dataset.ReadWrite.All (Read and write all datasets) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Retrieve semantic model refresh history | Dataset.ReadWrite.All (Read and write all datasets) | Commercial environment: Power BI Service; GCC or GCC High environment: Microsoft Power BI Government Community Cloud | Delegated |
| Customize email sender in AvePoint Online Services. | Mail.Send (Send mail as any user) *Note: This permission is not contained in the EnPower service app. To customize the email sender, you need to configure a custom app with this permission added. | Microsoft Graph | Application |
| Load and manage Power Pages sites *Note: Service principal is required if you re-authorize the EnPower for Power Platform service app or assign these permissions to your custom Azure app. For more details on the service principal configurations, refer to Authentication. | PowerPages.Websites.Read (Read Power Pages websites) | Power Platform API | Delegated |
| Load and manage Power Pages sites *Note: Service principal is required if you re-authorize the EnPower for Power Platform service app or assign these permissions to your custom Azure app. For more details on the service principal configurations, refer to Authentication. | PowerPages.Website.Write (Write Power Pages websites) | Power Platform API | Delegated |
The table below lists the permissions that should be granted to the EnPower for Power Platform service app or the custom Azure app created in AvePoint Online Services for Power Platform management if you would like to configure the additional setting to display user-friendly object names in analysis reports when copying Power Platform environments, Power Apps, and Power Automate flows.
| API | Permission | Type | Why do we need it? |
|---|---|---|---|
| Microsoft Graph | Group.Read.All (Read all groups) | Application | Retrieve and display information of Groups in copy analysis reports. |
| Microsoft Graph | Sites.Read.All (Read items in all site collections) | Application | Retrieve and display information of content in SharePoint Online sites in copy analysis reports. |
| Microsoft Graph | Team.ReadBasic.All (Get a list of all teams) | Application | Retrieve and display information of Teams in copy analysis reports. |
| Microsoft Graph | Channel.ReadBasic.All (Read the names and descriptions of all channels) | Application | Retrieve and display information of channels in copy analysis reports. |
| Microsoft Graph | Contacts.Read (Read contacts in all mailboxes) | Application | Retrieve and display information of mailbox contacts in copy analysis reports. |
| Microsoft Graph | Mail.ReadBasic.All (Read basic mail in all mailboxes) | Application | Retrieve and display information of basic mails in copy analysis reports. |
| Microsoft Graph | Calendars.Read (Read calendars in all mailboxes) | Application | Retrieve and display information of mailbox calendars in copy analysis reports. |