Roles required for portal administration

Different administrative tasks in Power Apps portals can be performed by members of different roles. The admin and security roles required to do these tasks vary depending on the impact area.

For example, some tasks might require the user to be a member of admin roles in Microsoft 365, and others might need membership to security roles in the Microsoft Power Platform environment.

In this article, you'll learn about the roles and permissions required to do different administrative tasks for portals.

Required roles and permissions

The following table lists different administrative tasks for portals, and the roles required to do that task. Users who are members of those roles can perform the corresponding task.

| Task | Required roles |
|---|---|
| Add a custom domain name | Any one of the following roles: |
| Change the Dynamics 365 instance of an add-on portal | Any one of the following roles: |
| Connect to a Microsoft Dataverse environment by using a portal | Any one of the following roles: |
| Convert an existing portal to capacity-based model | Portal app owner and any one of the following roles: |
| Convert a portal from trial to production | Portal app owner and any one of the following roles: |
| Create a portal | Required roles and permissions in Azure Active Directory (Azure AD): Required roles and permissions in Microsoft Power Platform (both are required): |
| Download the public key of a portal | Any one of the following roles: |
| Import metadata translation | Any one of the following roles: |
| Reset a portal | Portal app owner and any one of the following roles: |
| Update the Dynamics 365 instance of a portal | User account with Read-Write Access Mode and any one of the following roles: |
| Update portal packages | User account with Read-Write Access Mode and System administrator |
| View portal error logs | Any one of the following roles: |

Manage membership of the required roles

This section describes how to manage membership of the roles listed in the preceding table for the different kinds of administrative tasks in Power Apps portals.

Dynamics 365 administrator

Dynamics 365 administrator is a Microsoft Power Platform service admin role. Users with this role can perform admin functions on Microsoft Power Platform because they have the system admin role.

To assign a user the Dynamics 365 administrator role, go to Assign a service admin role to a user.

Global administrator

Global administrator is a Microsoft 365 admin role. A person who purchases the Microsoft business subscription is a global administrator. A global administrator has unlimited control over products in the subscription and access to most data.

To assign a user the global administrator role, go to Assign admin roles in Microsoft 365.

More information: About admin roles in Microsoft 365

Portal app owner

A portal app owner is a user who owns the portal application registration in the Azure portal.

To add an app owner for the portal app in the Azure portal:

1. Sign in to the Azure portal.

2. Search for and select Azure Active Directory.

3. Under Manage, select App registrations.

4. Select the Power Apps portals app from the list of available applications.

5. Under Manage, select Owners.

6. Select Add owners.

7. Select a user.

8. Select Select.

The user is added as an owner of the portal app.
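The same owner assignment can be scripted so that it is repeatable and leaves a record of who owned the app registration before and after. The following is an added example, not part of the original article: it assumes the Microsoft Graph PowerShell SDK is installed, and the parameter names `AppDisplayName` and `NewOwnerUpn` are placeholders chosen for this example.

```powershell
# Added example (not from the original article). Assumes the Microsoft.Graph
# PowerShell module. $AppDisplayName and $NewOwnerUpn are placeholder inputs.
param(
    [Parameter(Mandatory)] [string] $AppDisplayName,   # portal app registration name
    [Parameter(Mandatory)] [string] $NewOwnerUpn       # user to add as owner
)

Connect-MgGraph -Scopes 'Application.ReadWrite.All', 'User.Read.All' | Out-Null

# Resolve exactly one app registration; refuse to guess if the name is ambiguous.
$escaped = $AppDisplayName.Replace("'", "''")
$apps = @(Get-MgApplication -Filter "displayName eq '$escaped'")
if ($apps.Count -ne 1) {
    throw "Expected one app registration named '$AppDisplayName', found $($apps.Count)."
}
$app  = $apps[0]
$user = Get-MgUser -UserId $NewOwnerUpn -ErrorAction Stop

# Record the current owners before changing anything.
$owners = @(Get-MgApplicationOwner -ApplicationId $app.Id -All)
Write-Host "Owners before change:"
$owners | ForEach-Object {
    Write-Host ("  {0}  {1}" -f $_.Id, $_.AdditionalProperties['userPrincipalName'])
}

# Add the owner only if not already present, so the script is safe to re-run.
if ($owners.Id -contains $user.Id) {
    Write-Host "$NewOwnerUpn is already an owner; nothing to do."
}
else {
    New-MgApplicationOwnerByRef -ApplicationId $app.Id -BodyParameter @{
        '@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/$($user.Id)"
    }
}

# Verify the result instead of trusting the call.
$after = @(Get-MgApplicationOwner -ApplicationId $app.Id -All)
if ($after.Id -notcontains $user.Id) {
    throw "Owner assignment for $NewOwnerUpn could not be verified."
}
Write-Host "Owners after change: $($after.Count)"
```

Because the portal app owner role is a prerequisite for converting and resetting a portal, the "before" listing is worth keeping with the change record and comparing against the set of owners you expect.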

Portal owner

The portal owner is the user who created the Power Apps portal. This role can't be managed and can't be changed.

Read-Write Access Mode

This is a user account in Microsoft Power Platform with Access Mode set to Read-Write. More information: Create a Read-Write user account

System administrator

System administrator is a Microsoft Power Platform security role. This role has full permissions to customize and administer a Microsoft Power Platform environment.

To assign a user the System administrator Power Platform role, go to Configure user security to resources in an environment.

System customizer

System customizer is a Microsoft Power Platform security role. This role has full permissions to customize a Microsoft Power Platform environment.

To assign a user the System administrator Power Platform role, go to Configure user security to resources in an environment.

Power Platform administrator

Power Platform administrator is a Microsoft Power Platform service admin role. Users with this role can perform admin functions on Microsoft Power Platform because they have the system admin role.

To assign a user the Power Platform administrator role, go to Assign a service admin role to a user.

See also

Portal admin center
Portal Management app
Portal site settings