Let's POWER Automate

From no-code to low-code

Menu
  • Expressions
  • Filters
  • General
  • Application specific solutions
    • Dataverse
    • Excel
    • Forms
    • Outlook
    • Planner
    • Power Apps
    • SharePoint
    • Teams
  • Triggers
  • Ready to use solutions
    • Approval Process Solution
    • Task Delegation App
    • The Ultimate Power Automate expressions cheat sheet
    • Power Automate HTTP requests to SharePoint cheat sheet
    • Power Automate HTTP requests to Graph API cheat sheet
  • ABOUT ME
  • Get help with your flow
  • POWER PLATFORM SERVICES
Menu

How to manage user security roles with Power Automate flow

Posted on December 15, 2024December 15, 2024 by Tom

“I don’t want to ask platform admins each time there’s a change in user security roles, can I manage them myself with Power Automate flow?”


In the standard scenario, it’s the Power Platform environment admin who manages the roles using the admin portal. A user needs access to a specific solution, admin will manually assign a role. Once he doesn’t need it anymore, admin will manually remove it. That sounds like a lot of work, especially if the users are often changing. And a time consuming work, if you’re not the admin but need to ask somebody else to do it.

How could you avoid all this manual labour? Can a flow automate some of the work for your and/or the Power Platform administrator?

Note: according to documentation you can’t assign a role with higher privileges that you have, I believe it’s the same also with the flow.

List all users and their roles

Before we start adding and removing the roles, let’s list all the users and their roles first. There’re two Dataverse tables relevant for this solution – ‘User’ (list of users) and ‘Security Role’ (list of security roles). Each user has assigned 0-n security roles.

To see them add the ‘List rows’ action and list all the users. I like reducing the output a bit and Select only columns relevant for the solution. It’s not a necessity, but in this case it’s the user first name, last name, and email address.

Select columns:
firstname,lastname,internalemailaddress

Since it’s two related tables, use also the Expand Query parameter to get the related roles right away. Again, you can Select only some of the columns, e.g. name and role id.

Expand Query:
systemuserroles_association($select=name,roleid)
Power Automate manage user security roles

As you can see above, the response JSON will contain a list of all users with their roles.

Add security role to a user

Assigning a security role to a user means creating a relationship between the User and the Security Role.

Start by finding the security role in the Security Role table, e.g. the ‘Approvals User’ role.

Filter rows:
name eq '<role name>'

The second input will be the user who should get this role from the ‘User’ table. Find him using ‘Filter array’ if you listed the users & roles first (the previous chapter), or with another filtered ‘List rows’ action.

Filter rows:
internalemailaddress eq '<email address>'

These two actions will give you the input for the ‘Relate rows’ action that’ll create the connection. Add it to your flow and extract the desired values from the output JSON with expressions – the user id and the role @odata.id, e.g.

User id:
first(outputs('List_rows_-_find_user')?['body/value'])?['systemuserid']

Role @odata.id:
first(outputs('List_rows_-_find_security_role')?['body/value'])?['@odata.id']
Power Automate manage user security roles

Run the flow and the user will receive the desired role on the environment (if you have a good enough role yourself).

Remove security role from a user

Removing a security role is very similar to adding a role, the only difference is in the action you run. Instead of ‘Relate rows’ use the ‘Unrelate rows’, the rest stays the same.

Power Automate manage user security roles

Summary

As you can see in this article, you can quite easily manage user security roles with a Power Automate flow. The users are stored in the ‘User’ dataverse table, security roles in the ‘Security Role’ table, and role assignment is only a relationship between a user and a role. You can list them, you can create them, you can remove them, all the operation you might need for a simplified user role management.


πŸš€ Master Power Automate

Join 2,100+ professionals getting actionable Power Automate tutorials, solutions, cheat sheets & tips every week.

No spam. Unsubscribe anytime.

2 thoughts on “How to manage user security roles with Power Automate flow”

  1. josee says:
    January 25, 2025 at 12:00 am

    great!! That was really useful! I just wonder how can I filter by an object id as example, to do that with a security group? Thanks

    Reply
    1. Tom says:
      February 23, 2025 at 12:41 pm

      Hello josee,
      I’m not sure I understand the question, but there’s always the ‘Filter array’ action to filter anything if there’s no direct possibility in the action.

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

πŸš€ Master Power Automate

Join 2,100+ professionals getting actionable Power Automate tutorials, solutions, cheat sheets & tips every week.

No spam. Unsubscribe anytime.

Still exchanging emails to get things approved?

Get the Approval Process solution and the Task Delegation App to skip the hard part and deploy an automated, fully functional approval solution on a SharePoint list in minutes! And then the next one, and the next one...

Approval Template Preview ✨ Learn more ✨

Turn ideas into flows with ease!

Grab the complete Power Automate Cheat Sheet Bundleβ€”everything you need to master expressions, SharePoint HTTP calls, and Graph API in Power Automate.

Cheat Sheet Bundle Preview ✨ Get the Cheat Sheets

Didn't find what you were looking for?
Need to adjust a solution to fit your needs?
Or would you just like to get an assistance from somebody with thousands of hours of experience with Power Automate?

Power Automate blogs worth visiting

Damien Bird
Dennis (Expiscornovus)
Paul Murana

©2025 Let's POWER Automate | Theme by SuperbThemes