Edit

Share via


Roles required for website administration

Different administrative tasks in Power Pages can be performed by members of different roles. The admin and security roles required to do these tasks vary depending on the affected area.

For example, some tasks might require the user to be a member of admin roles in Microsoft 365, and others might need membership to security roles in the Microsoft Power Platform environment.

In this article, you learn about the roles and permissions required to do different administrative tasks for Power Pages.

Important

To perform a task which requires an admin role, a user must be directly assigned to the required role. These roles are not inherited from security group membership or through privileged identity management (PIM).

Required roles and permissions

The following table lists different administrative tasks for Power Pages, and the roles required to do that task. Users who are members of those roles can perform the corresponding task.

Task Required roles
Add a custom domain name Any one of the following roles:
Update the Dynamics 365 instance of an add-on website Any one of the following roles:
Manage authentication key Website app owner and any one of the following roles:
Convert an existing website to capacity-based model Website app owner and any one of the following roles:
Convert a website from trial to production Website app owner and any one of the following roles:
Create a website Required roles and permissions in Microsoft Power Platform (all are required):
Edit a website By default, Power Pages design studio only allows system administrators to edit websites.

The system customizer role can be assigned and updated to allow other makers and developers to edit sites in your environment using design studio. You must bypass custom business logic and adjust privileges. System customizers need organization access (Read, Write, Append, Create, Delete, and Append to) for the Note table.
Download the public key of a website Any one of the following roles:
Import metadata translation Any one of the following roles:
Delete a website Website app owner and any one of the following roles:
Update solutions User account with Read-Write Access Mode and System administrator
View website error logs Any one of the following roles:
Restart a website Any one of the following roles:
Install Project Service Automation extension Any one of the following roles:
Install Field Service extension Any one of the following roles:
Disable custom errors Any one of the following roles:
Enable diagnostic logging Any one of the following roles:
Change base URL Website app owner and any one of the following roles:
Update to Power Pages domain Website app owner and any one of the following roles:
Enable maintenance mode Any one of the following roles:
Set up SSL Any one of the following roles:
Manage SSL certificates Any one of the following roles:
Set up SharePoint integration
Set up Power BI integration
Run site checker Any one of the following roles:
Set up IP address restriction Any one of the following roles:
Configure content delivery network Any one of the following roles:

Manage membership of the required roles

This section describes how to manage the membership of the required roles in the preceding table for different kinds of administrative tasks in Power Pages.

Dynamics 365 administrator

Dynamics 365 administrator is a Microsoft Power Platform service admin role. This role can do admin functions on Microsoft Power Platform because they have the system admin role.

To assign a user the Dynamics 365 administrator role, go to Assign a service admin role to a user.

Global administrator

Global administrator is a Microsoft 365 admin role. A person who purchases the Microsoft business subscription is a global administrator. A global administrator has unlimited control over products in the subscription and access to most data.

To assign a user the global administrator role, go to Assign admin roles in Microsoft 365.

More information: About admin roles in Microsoft 365

Website app owner

A website app owner is a user who owns the website application registration in the Azure portal.

To add an app owner for the website app in the Azure portal

  1. Sign in to the Azure portal.

  2. Search for and select Microsoft Entra ID.

  3. Under Manage, select App registrations.

  4. Select the website app from the list of available applications. This application is called Portals-<<website name>>.

  5. Under Manage, select Owners.

  6. Select Add owners.

  7. Select a user.

  8. Select Select.

The user is added as an owner of the website app.

Website owner

The website owner is the user who created the Power Pages website. This role can't be managed and can't be changed.

Read-Write Access Mode

This is a user account in Microsoft Power Platform with Access Mode set to Read-Write. More information: Create a Read-Write user account

System administrator

System administrator is a Microsoft Power Platform security role. This role has full permissions to customize and administer a Microsoft Power Platform environment.

To assign a user the System administrator Power Platform role, go to Configure user security to resources in an environment.

System customizer

System customizer is a Microsoft Power Platform security role. This role has full permissions to customize a Microsoft Power Platform environment.

To assign a user the System Customizer Power Platform role, go to Configure user security to resources in an environment.

Power Platform administrator

Power Platform administrator is a Microsoft Power Platform service admin role. This role can perform admin functions on Microsoft Power Platform because they have the system admin role.

To assign a user the Power Platform administrator role, go to Assign a service admin role to a user.

Limitations

The platform uses the Microsoft Graph service to retrieve role information. Currently, Microsoft Graph doesn't return these roles when assigned through a security group. Until this issue is resolved, ensure that roles are assigned directly to users rather than through a security group.

Use the admin center
Portal Management app
Site settings