Problem Statement
Large organizations with hybrid centralized/decentralized administration models face challenges in managing permissions within Power Platform environments. Currently, permissions are applied at the environment level, meaning any developer with access can modify all solutions. This creates security risks, increases administrative overhead, and conflicts with the principle of least privilege.
Current Challenges
- Broad Access: Developers in an environment can access all solutions, raising risk of accidental or malicious changes.
- Complex Governance: With thousands of staff and hundreds of organizational units (OUs), managing permissions at the environment level is inefficient.
- Compliance Risks: Lack of granular control makes it harder to enforce security and compliance standards.
Proposed Solution
Introduce solution-level permissions within environments:
- Allow an Entra ID group to create solutions in a specific environment (similar to Environment Maker role).
- When a solution is created:
  - The creator automatically becomes the solution admin.
  - The creator can assign permissions to an Entra ID security group for that solution.
- Maintain flexibility for dependencies between solutions while enabling tighter control.
Benefits
- Improved Security: Aligns with least privilege principles, reducing risk of unauthorized changes.
- Scalability: Supports large organizations with multiple OUs and diverse developer roles.
- Operational Efficiency: Reduces administrative overhead and minimizes exceptions.
- Compliance: Easier to enforce governance policies without breaking dependency models.
Impact
This feature would significantly enhance governance for organizations using Power Platform at scale, enabling secure, efficient, and compliant solution management.
STATUS DETAILS
New
