Roles required for website administration
Different administrative tasks in Power Pages can be performed by members of different roles. The admin and security roles required to do these tasks vary depending on the impact area.
For example, some tasks might require the user to be a member of admin roles in Microsoft 365, and others might need membership to security roles in the Microsoft Power Platform environment.
In this article, you'll learn about the roles and permissions required to do different administrative tasks for Power Pages.
Note
A user must be a direct member of the below roles to be able to take the respective actions. Roles are not inherited from a security group (that the user is a member of) or via privileged identity management.
Required roles and permissions
The following table lists different administrative tasks for Power Pages, and the roles required to do that task. Users who are members of those roles can perform the corresponding task.
| Task | Required roles |
|---|---|
| Add a custom domain name | Any one of the following roles: |
| Update the Dynamics 365 instance of an add-on website | Any one of the following roles: |
| Manage authentication key | Website app owner and any one of the following roles: |
| Convert an existing website to capacity-based model | Website app owner and any one of the following roles: |
| Convert a website from trial to production | Website app owner and any one of the following roles: |
| Create a website | Required roles and permissions in Microsoft Power Platform (all are required):
|
| Download the public key of a website | Any one of the following roles: |
| Import metadata translation | Any one of the following roles: |
| Delete a website | Website app owner and any one of the following roles: |
| Update solutions | User account with Read-Write Access Mode and System administrator |
| View website error logs | Any one of the following roles: |
| Restart a website | Any one of the following roles: |
| Install Project Service Automation extension | Any one of the following roles: |
| Install Field Service extension | Any one of the following roles: |
| Disable custom errors | Any one of the following roles: |
| Enable diagnostic logging | Any one of the following roles: |
| Change base URL | Website app owner and any one of the following roles: |
| Update to Power Pages domain | Website app owner and any one of the following roles: |
| Enable maintenance mode | Any one of the following roles: |
| Set up SSL | Any one of the following roles: |
| Manage SSL certificates | Any one of the following roles: |
| Set up SharePoint integration | |
| Set up Power BI integration | |
| Run site checker | Any one of the following roles: |
| Set up IP address restriction | Any one of the following roles: |
| Configure content delivery network | Any one of the following roles: |
Manage membership of the required roles
This section describes how to manage the membership of the required roles in the preceding table for different kinds of administrative tasks in Power Pages.
Dynamics 365 administrator
Dynamics 365 administrator is a Microsoft Power Platform service admin role. This role can do admin functions on Microsoft Power Platform because they have the system admin role.
To assign a user the Dynamics 365 administrator role, go to Assign a service admin role to a user.
Global administrator
Global administrator is a Microsoft 365 admin role. A person who purchases the Microsoft business subscription is a global administrator. A global administrator has unlimited control over products in the subscription and access to most data.
To assign a user the global administrator role, go to Assign admin roles in Microsoft 365.
More information: About admin roles in Microsoft 365
Website app owner
A website app owner is a user who owns the website application registration in the Azure portal.
To add an app owner for the website app in the Azure portal
Sign in to the Azure portal.
Search for and select Microsoft Entra ID.
Under Manage, select App registrations.
Select the website app from the list of available applications. This will be called
Portals-<<website name>>.Under Manage, select Owners.
Select Add owners.
Select a user.
Select Select.
The user is added as an owner of the website app.
Website owner
The website owner is the user who created the Power Pages website. This role can't be managed and can't be changed.
Read-Write Access Mode
This is a user account in Microsoft Power Platform with Access Mode set to Read-Write. More information: Create a Read-Write user account
System administrator
System administrator is a Microsoft Power Platform security role. This role has full permissions to customize and administer a Microsoft Power Platform environment.
To assign a user the System administrator Power Platform role, go to Configure user security to resources in an environment.
System customizer
System customizer is a Microsoft Power Platform security role. This role has full permissions to customize a Microsoft Power Platform environment.
To assign a user the System Customizer Power Platform role, go to Configure user security to resources in an environment.
Power Platform administrator
Power Platform administrator is a Microsoft Power Platform service admin role. This role can perform admin functions on Microsoft Power Platform because they have the system admin role.
To assign a user the Power Platform administrator role, go to Assign a service admin role to a user.
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for