Secure environment maker and basic user security roles by making them non-customizable
Important
Some of the functionality described in this release plan has not been released. Delivery timelines may change and projected functionality may not be released (see Microsoft policy). Learn more: What's new and planned
| Enabled for | Public preview | General availability |
|---|---|---|
| Admins, makers, marketers, or analysts, automatically | - | Mar 2023 |
Business value
To maintain SLA and a consistent user experience, makers and users can always make and run applications, respectively, using the system-provided security roles of environment maker and basic user. This SLA can only be maintained when these roles are protected from being updated.
Feature details
The environment maker and basic user security roles are managed and shipped by the platform and are marked as non-updateable. These security roles are maintained by Microsoft services and privileges are continuously updated by them to run their services smoothly. Local admins can view the list of privileges of these security roles from the admin role form, but they can't update the privileges. Admins can continue to copy these privileges to another role. but they can't update the role.