Roles required for portal administration
Different administrative tasks in Power Apps portals can be performed by members of different roles. The admin and security roles required to do these tasks vary depending on the impact area.
For example, some tasks might require the user to be a member of admin roles in Microsoft 365, and others might need membership to security roles in the Microsoft Power Platform environment.
In this article, you'll learn about the roles and permissions required to do different administrative tasks for portals.
Required roles and permissions
The following table lists different administrative tasks for portals, and the roles required to do that task. Users who are members of those roles can perform the corresponding task.
| Task | Required roles |
|---|---|
| Add a custom domain name | Any one of the following roles: |
| Change the Dynamics 365 instance of an add-on portal | Any one of the following roles: |
| Manage portal authentication key | Portal App owner and any one of the following roles: |
| Convert an existing portal to capacity-based model | Portal app owner and any one of the following roles: |
| Convert a portal from trial to production | Portal app owner and any one of the following roles: |
| Create a portal | Required roles and permissions in Azure Active Directory (Azure AD):
Required roles and permissions in Microsoft Power Platform (both are required):
|
| Download the public key of a portal | Any one of the following roles: |
| Import metadata translation | Any one of the following roles: |
| Reset a portal | Portal app owner and any one of the following roles: |
| Update the Dynamics 365 instance of a portal | User account with Read-Write Access Mode and any one of the following roles: |
| Update portal packages | User account with Read-Write Access Mode and System administrator |
| View portal error logs | Any one of the following roles: |
Manage membership of the required roles
This section describes how to manage the membership of the required roles in the preceding table for different kinds of administrative tasks in Power Apps portals.
Dynamics 365 administrator
Dynamics 365 administrator is a Microsoft Power Platform service admin role. This role can do admin functions on Microsoft Power Platform because they have the system admin role.
To assign a user the Dynamics 365 administrator role, go to Assign a service admin role to a user.
Global administrator
Global administrator is a Microsoft 365 admin role. A person who purchases the Microsoft business subscription is a global administrator. A global administrator has unlimited control over products in the subscription and access to most data.
To assign a user the global administrator role, go to Assign admin roles in Microsoft 365.
More information: About admin roles in Microsoft 365
Portal app owner
A portal app owner is a user who owns portal application registration in the Azure portal.
To add an app owner for the portal app in the Azure portal
Sign in to the Azure portal.
Search for and select Azure Active Directory.
Under Manage, select App registrations.
Select the Power Apps portals app from the list of available applications.
Under Manage, select Owners.
Select Add owners.
Select a user.
Select Select.
The user is added as an owner of the portal app.
Portal owner
The portal owner is the user who created the Power Apps portal. This role can't be managed and can't be changed.
Read-Write Access Mode
This is a user account in Microsoft Power Platform with Access Mode set to Read-Write. More information: Create a Read-Write user account
System administrator
System administrator is a Microsoft Power Platform security role. This role has full permissions to customize and administrator a Microsoft Power Platform environment.
To assign a user the System administrator Power Platform role, go to Configure user security to resources in an environment.
System customizer
System customizer is a Microsoft Power Platform security role. This role has full permissions to customize a Microsoft Power Platform environment.
To assign a user the System administrator Power Platform role, go to Configure user security to resources in an environment.
Power Platform administrator
Power Platform administrator is a Microsoft Power Platform service admin role. This role can perform admin functions on Microsoft Power Platform because they have the system admin role.
To assign a user the Power Platform administrator role, go to Assign a service admin role to a user.
See also
Portal admin center
Portal Management app
Portal site settings