管理流Administer flows

了解如何使用环境和数据保护策略来管理数据源和流。Learn about using environments and data protection policies to manage data sources and flows.

You will learn how to...

使用环境来管理流Use environments to manage flows

什么是环境:What is an environment:

环境是一种虚拟空间,用来在 Common Data Service 中存储、管理和共享应用、流以及业务数据。An environment is a virtual space used to store, manage and share apps, flows, and business data in the Common Data Service. 环境按地理位置定位,因此环境的数据库中存储的所有应用和数据也都按地理位置定位。Environments are geolocated so all apps and data stored within an environment's database are geolocated as well.

应熟悉的术语Terms you should get familiar with

术语Term 说明Description
管理中心Admin center 管理中心是一个 Web 门户,用于管理你的所有环境和数据丢失防护策略。The admin center is a Web portal for managing all your environments and data loss prevention policies.
Common Data ServiceCommon Data Service Common Data Service 可用于为应用添加数据存储和建模功能。The Common Data Service allows you to add data storage and modeling capabilities to your apps.
环境角色Environment roles 两个环境角色是环境管理员和环境创建者。The two environment roles are Environment Admin and Environment Maker.
用户角色User roles 两个默认的用户角色是组织用户和数据库所有者。The two default user roles are Organization User and Database Owner. 可添加角色,并将权限与这些角色关联。You can add roles, and associate permissions with those roles.

环境的用途Purposes for an environment

你可以使用环境实现以下目的:You can use environments to:

  • 基于不同的角色、安全要求或用户分离应用、流和业务数据。Separate apps, flows and business data based on different roles, security requirements or users.
  • 根据团队或部门的位置分隔应用、流和业务数据。Separate apps, flows and business data based on the location of your teams or departments.
  • 管理测试和生产环境。Manage test and production environments.

如何使用环境How to use environments

环境可以有多个不同用途,具体取决于组织的需求,下面是一些示例:Environments can serve several different purposes, depending on your organizational needs, some examples are:

  • 可以选择在单个环境中生成所有应用和流。You can choose to build all your apps and flows in a single environment.
  • 可以选择为不同类型的应用和流创建环境。You could choose to create an environment for different types of apps and flows. 例如,可以为测试创建一个环境,为生产创建另一个环境。For example, you could create an environment for test and another environment for production.
  • 还可以选择根据组织结构或者甚至根据团队或部门的地理位置创建环境。You may also choose to create environments based on your organizational structure or even based on geographic location of your teams or departments. 例如,如果你在澳大利亚、墨西哥和欧洲有团队,则可以为这些位置中的每一个位置创建环境,并单独管理它们。For example, if you have teams in Australia, Mexico and Europe, you could create an environment for each of these locations and manage them independently.

注意:环境对用户不可见,这样用户便无需为所在的环境费心。Note: Environments are not visible to users so they don't need to be concerned with which environments they are in. 环境是管理员对组织的应用和流进行分类、管理和共享的工具。Environments are a tool for admins to categorize, manage and share organizational apps and flows.

什么是角色?What are roles?

对环境具有访问权限的人员必须为其分配环境管理员环境创建者角色。A person with access to an environment must be be assigned either the Environment Admin or the Environment Maker role. 环境管理员可以对环境执行所有管理任务。Environment admins can perform all administrative tasks on an environment. 环境创建者可以在现有环境中创建资源。An environment maker can create resources in an existing environment. 个人可以同时具有这两种角色。An individual can have both roles simultaneously.

注意:所有用户都会在被授予 Microsoft Flow 的访问权限时具有默认环境的访问权限。Note: All users will have access to a default environment when each user is given access to Microsoft Flow. 用户可以有多个环境的访问权限。Users can have access to multiple environments.

创建环境Create an environment

通过以下步骤可从 Microsoft Flow 管理中心创建环境:You create environments from the Microsoft Flow admin center with these steps:

  1. 命名你的环境。Name your environment.
  2. 选择将托管你的环境的区域。Select a region where your environment will be hosted.
  3. (可选)你可以决定为你的环境创建数据库。Optionally you can decide to create a database for your environment. 如果需要,可以在创建环境后创建数据库。You can create a database after you've created an environment, if you desire.
  4. (可选)选择谁将有权访问该数据库。Optionally select who will have access to the database. 可以限制对该环境的访问权限,也可以授予每个人对该数据库的访问权限。You can either restrict access or give everyone access to the database.

将用户添加到环境Add users to an environment

创建环境后,可以将用户添加到环境管理员角色或环境创建者角色。After you create an environment, you can add users to either the Environment Admin role or the Environment Maker role. 与执行所有其他管理任务一样,你需要从管理中心执行此任务。As with all other administrative tasks, you do this from the admin center.

创建了环境并添加了用户后,可能还希望创建数据丢失防护 (DLP) 策略来帮助管理企业数据的使用情况。After you've created the environment and added users, you may also want to create a data loss prevention (DLP) policy to help manage the use of your business data. 我们将在下一主题中进行介绍。We'll cover that in the next topic.

使用数据丢失防护策略Use data loss prevention policies

随着可用于通过 Microsoft Flow 构建工作流的服务越来越多,你可能需要保护企业服务(例如 SharePoint 或 Salesforce)中存储的敏感业务数据或关键业务数据。With an expanding list of services available to build workflows with Microsoft Flow, you may need to safeguard sensitive or critical business data stored in enterprise services such as SharePoint or Salesforce. 你可能会发现你的组织需要创建策略,以确保敏感业务数据不会发布到 Twitter 和 Facebook 等使用者服务。You may find that your organization needs to create a policy which ensures that sensitive business data isn't published to consumer services like Twitter and Facebook. 使用 Microsoft Flow,可以轻松创建数据丢失防护 (DLP) 策略,以便严格控制在用户创建流时可与哪些使用者服务共享你的业务数据。With Microsoft Flow, you can easily create data loss prevention (DLP) policies to tightly control which consumer services your business data can be shared with when your users create flows.

应熟悉的术语Terms you should get familiar with

术语Term 说明Description
DLPDLP 这是“数据丢失防护”的缩写。This is an abbreviation for data loss prevention. 你将创建 DLP 策略以管理在服务之间共享数据。You'll create a DLP policy to manage the sharing of data between services.
服务Services 服务是 Salesforce、SharePoint 和 Twitter 等应用程序。Services are applications such as Salesforce, SharePoint and Twitter. 这些服务以及其他许多服务用于创建流。These services, and lots more, are used to create flows.
数据组Data group 服务的逻辑分组。A logical grouping of services. 你需要将允许共享数据的服务放入同一数据组中。You put services that are allowed to share data in the same data group. 数据组有两个:“仅业务数据”数据组和“不允许业务数据”数据组。There are two data groups: business data only and the no business data allowed data group.
环境Environment DLP 应用于环境A DLP is applied to an environment. 环境包含用户。An environment contains users.
用户Users 用户是 DLP 策略将基于环境中的成员身份应用到的组织成员。Users are members of your organization to whom a DLP policy will apply, based on their membership in an environment.
Flow 流是使用可用服务的任意组合的工作流应用。A flow is a workflow app that uses any combination of the available services.

有关 DLP 策略工作原理的全部信息All about how DLP policies work

DLP 策略只是一种命名规则,用于将每个服务放入两个互斥数据组之一。A DLP policy is simply a named rule that places each service into one of two mutually exclusive data groups. 此规则随后会应用到环境。This rule is then applied to an environment. 环境是用户的逻辑分组。An environment is a logical grouping of users. 用户不可以创建在你已放入不同数据组中的服务之间共享数据的流。Users are not allowed to create flows that share data between the services you placed in the different data groups. 换言之,你的用户只能创建在单个数据组内的服务之间共享数据的流。In other words, your users can only create flows that share data between the services within a single data group. 不允许跨数据组共享。No cross-data-group sharing is allowed.

数据组名称Data group name 数据组说明Description of data group
仅业务数据Business data only 此组中的所有服务都可以在彼此之间共享数据。All services in this group can share data among themselves. 它们不能与“不允许业务数据”数据组共享数据。They cannot share data with the no business data allowed data group.
不允许业务数据No Business data allowed 此组中的所有服务都可以在彼此之间共享数据。All services in this group can share data among themselves. 它们不能与“仅业务数据”数据组共享数据。They cannot share data with the business data only data group.

注意:将服务添加到一个数据组会自动将该服务从其他数据组中删除。Note: Adding a service to one data group automatically removes it from the other data group. 例如,如果 Twitter 当前位于“仅业务数据”数据组,并且你不希望允许与 Twitter 共享业务数据,则只需将 Twitter 服务添加到“不允许业务数据”数据组。For example, if Twitter is currently located in the business data only data group, and you don't want to allow business data to be shared with Twitter, simply add the Twitter service to the no business data allowed data group. 这将从“仅业务数据”数据组中删除 Twitter。This will remove Twitter from the business data only data group.

下面是创建 DLP 所需满足的条件Here's what you need to create a DLP

  • 对 Microsoft Flow 管理中心的访问权限Access to the Microsoft Flow admin center
  • 环境管理角色中的帐户An account in the Environment Admin role
  • 一个已分配了用户的环境An environment with users assigned to it

创建 DLP 策略Create a DLP policy

以下是如何创建 DLP 策略的简要介绍:Here's a quick overview of how to create a DLP policy:

  1. 为策略提供一个名称Give the policy a name
  2. 选择策略将应用到的环境Select the environment to which the policy will apply
  3. 将服务添加到两个数据组之一。Add the services to one of the two data groups. 请记住,只有位于一个特定组中的服务才可以共享数据,因此,如果创建了任何在位于两个数据组中的服务之间共享数据的流,那么该流在创建者进行保存时都会被自动阻止。Remember, only services located in a specific group can share data so any flow that's created to share data between services located in the two data groups will be automatically blocked when the maker saves it.

另外,还有一个有关 DLP 策略的详细演练可供使用。There is also a more detailed walk-through on DLP policies available.


  • 如果你打算创建策略,用于将流限制为仅在 SharePoint、Office 365 用户、Office 365 Outlook、OneDrive for Business、Dynamics 365、SQL Server 和 Salesforce 之间共享业务数据,那么你要创建的策略将如下所示:If you were to create a policy that restricts flows to share business data only among SharePoint, Office 365 users, Office 365 Outlook, OneDrive for Business, Dynamics 365, SQL Server and Salesforce, it would look like this:
  • 如果你决定创建一个策略,用于禁止特定环境的任何成员创建共享 SharePoint 数据的流,那么你要创建的策略将如下所示。Here's what it would look like if you decided to create a policy to not allow any members of a specific environment to create a flow that shares SharePoint data. 请注意,SharePoint 是“仅业务数据”数据组中的唯一服务:Notice that SharePoint is the only service in the business data only data group:
    仅业务数据business data only


已完成 Microsoft Flow 引导式学习的“管理流”部分。You've completed the Administer flows section of Microsoft Flow Guided Learning.

You learned how to...


  • Deon Herbert
  • olprod