search

microsoft / coe-starter-kit

Other
720 stars 211 forks source link

[CoE Starter Kit - QUESTION] Sync Flow Error - Admin Sync | Sync Template v4 (Security Roles) #8542

Open DKeyesOCC opened 5 days ago

DKeyesOCC commented 5 days ago

Does this question already exist in our backlog?

What is your question?

Hi,

Apologies if the below is a simple fix, I'm new to Power Platform. We are receiving a Sync Flow error on Admin - Sync Template v4 (Security Roles).

So far I think I have determined that the issue is due to a missing user in the SystemUsers table.

Screenshot 1 - Shows the error Screenshot 2 - Shows table with user missing.

Screenshot 1 - Error Screenshot 2 - User List

My question is what is the best approach to fix this issue? Would it be to create this user or assign another user?

Thanks in advance,

Daniel

What solution are you experiencing the issue with?

None

What solution version are you using?

May 2024

What app or flow are you having the issue with?

Admin - Sync Template v4 (Security Roles)

What method are you using to get inventory and telemetry?

None

AB#3677

Jenefer-Monroe commented 5 days ago

Hello and welcome to Power Platform!

This is a list-rows action and so it simply not being found would not cause it to fail. If its simply not found it would return no records and the next condition in the flow behaves differently based on that.

What is the error message you are given? This will be in the output of the call

DKeyesOCC commented 5 days ago

Hi Jenefer,

Thanks so much for the quick reply.

Please see attached screenshot of the error message on the output.

Screenshot 3 - Error Output

Jenefer-Monroe commented 5 days ago

Ok that was what I expected. It means that the user identity running the flow does not have System User access to the environment that it's trying to access. This is due to a recent product change and you will need to install another solution to run in the background for now while we await the product workaround to ship to all regions.

New PIM Feature and the Kit

Hello likely you have been impacted by new product behavior that just shipped around the way the product treats privileged roles (ex Power Platform Admin role, Global Admin role)

While there is a workaround we can put into the kit to fix this directly, we cannot ship it with the kit until the workaround is available in all regions. Hopefully for the July release.

The product change

Here is information about the product feature: Manage admin roles with Microsoft Entra Privileged Identity Management

How to check if this is the case

  1. Validate the user running the flow has direct and permanent assignment to the Power Platform Admin role.
  2. Take one of the target environments in your repro, one of the environments which is failing, and make sure the user running the flow has System Admin security role in that target environment.

How to address and More information

Please see https://github.com/microsoft/coe-starter-kit/issues/8119 for a write up on this change. Included also is a workaround you can do until we can have it natively in the kit.