Overcome disabled PowerApps co-owner sharing with AD group

Posted on by Tom

“I’m trying to add AD group as co-owner in PowerApps, but the checkbox is disabled, what can I do about it?”

When you manage access in Microsoft environment, you might want to use AD groups instead of specific users. While users can join or leave your organisation and it’s hard to keep track of the individual permissions, M365 groups will stay. The same principle applies to PowerApps ownership too. Instead of keeping application ownership on specific users, you might want to co-own them with a group.

But that works only if it’s a separate application. Once you add it into a Solution, and you should add it into a solution, such option will be disabled.

PowerApps co-owner group disabled

How do you then share the app with the group?

Use PowerShell to add the co-owner

If something is not doable using the interface, there’s a high chance that there’s another way. It could be some http request in a flow, or a PowerShell script as in this example.

Run the ‘Windows PowerShell ISE’ application on your Windows machine as an administrator. If you don’t have such option you might need to contact your local IT.

Administrator is necessary because you must install two modules to work with PowerApps.

Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber

Once you have the modules, gather some information – the AD group id, application id, and the Power Platform environment id.

You can find the AD group id in Azure or using one of the ‘List groups…’ actions in a flow.

Application (blue) and environment (red) id is in the application details.

Store them into variables in the script, e.g.

$groupId = "367e79b7-a0ed-48d8-99c3-a140a64a8f44"
$appId = "fa1545f5-2d29-4022-a0b1-f883214a2e9e"
$envId = "Default-c3adda97-555b-44f6-9fbb-ecf0395f334b"

Once ready, there’s just one more command to use for the sharing.

Set-AdminPowerAppRoleAssignment -PrincipalType Group -PrincipalObjectId $groupId -RoleName CanEdit -AppName $appId -EnvironmentName $envId
PowerApps co-owner group disabled

Run the script and check that the AD group was added among the app co-owners.

PowerApps co-owner group disabled

Summary

As you can see, there’s always some workaround to achieve what you need. In this case, even if PowerApps disabled co-owner sharing with an AD group, you can still bypass it using PowerShell. It isn’t a low-code solution, far from it, but learning a bit of PowerShell will never hurt anyway.

Next week I’ll show you how to get rid of the annoying connection confirmation popup when launching the PowerApp.

Do you struggle with the various expressions, conditions, filters, or HTTP requests available in Power Automate?

I send one email per week with a summary of the new solutions, designed to help even non IT people to automate some of their repetitive tasks.

All subscribers have also access to resources like a SharePoint Filter Query cheat sheet or Date expressions cheat sheet.

Zero spam, unsubscribe anytime.

1 thought on “Overcome disabled PowerApps co-owner sharing with AD group

  1. Pingback: From the Microsoft Power Platform blogs: Power Apps form; Power Apps co-owner sharing; Site security; Dataverse file attachments - Cloudproz

Leave a Reply

Your email address will not be published. Required fields are marked *