PowerMove Permissions

PowerMove requires various permissions to function effectively. Below is an overview of these permissions and their purposes.


Azure DevOps

  • Permission: vso.build_execute (Delegated)

    • Purpose: Allows Users to view and execute builds in PowerMove
    • Usage:
      • Start PowerMove builds
  • Permission: vso.code_manage (Delegated)

    • Purpose: Allows Users to update and access DevOps version control from within PowerMove
    • Usage:
      • Create repositories
      • Create branches
  • Permission: vso.environment_manage (Delegated)

    • Purpose: Allows Users to view and update DevOps pipeline environments from within PowerMove
    • Usage:
      • Admin Users create DevOps pipeline environments for Power Platform environments that are added to PowerMove.
      • Allows PowerMove to retrieve approvals that are created for the DevOps pipeline environments.
  • Permission: vso.memberentitlementmanagement_write (Delegated)

    • Purpose: Allows Admins to give PowerMove access to DevOps Projects
    • Usage:
      • Admin Users give PowerMove access to DevOps projects
  • Permission: vso.pipelineresources_manage (Delegated)

    • Purpose: Allows Admins to update DevOps pipeline permissions so that PowerMove may use the DevOps pipeline environments it creates
    • Usage:
      • Admin Users update DevOps pipeline environment permissions when adding Power Platform environments to PowerMove
  • Permission: vso.security_manage (Delegated)

    • Purpose: Allows Admin Users to add Build Service rights to DevOps pipelines so that builds executed by PowerMove can create pull-requests
    • Usage:
      • Admin Users add build service rights to a DevOps pipeline created when adding Power Platform environments to PowerMove
  • Permission: vso.serviceendpoint_manage (Delegated)

    • Purpose: Allows Admin Users to create, update or delete Dataverse service connections for PowerMove, needed for automated deploys
    • Usage:
      • PowerMove can use Dataverse service connections to automate deploys
  • Permission: vso.wiki_write (Delegated)

    • Purpose: Grants PowerMove the ability to read & edit the active project wiki
    • Usage:
      • Create DevOps wiki.
      • Publish DevOps repository wiki.
  • Permission: vso.work_full (Delegated)

    • Purpose: Allows Users full access to work item information and the ability to create or update work items.
    • Usage:
      • Users can view work items related to branches, pull-requests and builds from within PowerMove
      • Users can add, update or create work items from within PowerMove

Dataverse

  • Permission: user_impersonation (Delegated)
    • Purpose: Grants Users the ability to access Dataverse from PowerMove, essential for managing solutions in the context of the User's permissions.
    • Usage:
      • Users can access stored Dataverse data pertaining to their organization

Microsoft Graph

  • Permission: openid (Delegated)

    • Purpose: Essential for authenticating Users in PowerMove through Microsoft Graph, facilitating secure sign-in processes.
    • Usage:
      • PowerMove can log Users in with their Microsoft accounts
  • Permission: Application.ReadWrite.All (Delegated)

    • Purpose: Essential for Admin Users to create and maintain a dedicated Microsoft Entra ID application for PowerMove, providing a secure method of access for solution deployment.
    • Usage:
      • Create customer application.
      • Create application secret.
  • Permission: offline_access (Delegated)

    • Purpose: Grants PowerMove the ability to refresh tokens even when the User is not signed in.
    • Usage:
      • This permission is used by PowerMove's DevOps pipelines.
  • Permission: User.Read (Delegated)

    • Purpose: Grants PowerMove the ability to read basic User information from the signed-in User.
    • Usage:
      • Retrieves the signed-in User's information for personalization.
      • Verifies the User against application-specific access controls.
      • Logs the signed-in User to track organization-wide usage for licensing compliance.

PowerApps Service

  • Permission: User (Delegated)
    • Purpose: Provides Users access to the Power Apps Service API in PowerMove, enabling them to manage environments from PowerMove.
    • Usage:
      • Used by PowerMove to create development environments for development branches.
      • Used by PowerMove to retrieve development environments from Power Platform.

These permissions are vital for PowerMove to offer a comprehensive, integrated experience across various Microsoft services.