microsoft / coe-starter-kit


[ALM Accelerator - QUESTION] ALM Accelerator elevated permissions #7796

Open zellos13 opened 6 months ago

zellos13 commented 6 months ago

What is your question?

Hi,

MS Learn documentation says (here) that we must elevate the permission of the Service Principal.

It requires Power Platform Admin rights. But in bigger organizations, we can't have another Power Platform admin account - it is very, very hard to get one, but we would still like to use ALM Accelerator.

Question: What capabilities of ALM Accelerator will not work if we don't elevate the permission as required? Will it even work?

Kind regards, Daniel

What component are you experiencing the issue with?

ALM Accelerator Canvas App

What solution version are you using?

1.0.20240104.1(Managed)

AB#2498

mikefactorial commented 6 months ago

@zellos13 the specific functionality that won't work without the elevated permissions is as follows. Unfortunately, this isn't something that we're able to work around in the platform today.

From https://github.com/microsoft/coe-starter-kit/blob/main/CenterofExcellenceALMAccelerator/PREVIEW.md:

Requirement for service principal to have App Management Permission. This permission (https://docs.microsoft.com/powershell/module/microsoft.powerapps.administration.powershell/new-powerappmanagementapp) gives the service principal Power Platform admin rights although it is only used in the pipelines in the following areas:

- Sharing canvas apps in downstream environments.
- Updating canvas app owner on import of an unmanaged solution.
- Running canvas test automation, where applicable, to override connection consent.

However, not having that permission shouldn't affect any other functionality.