Secure security roles by making them non-customizable

Important

This content is archived and is not being updated. For the latest documentation, go to What is Microsoft Dataverse?. For the latest release plans, go to Dynamics 365, Power Platform, and Cloud for Industry release plans.

Enabled for Public preview General availability
Admins, makers, marketers, or analysts, automatically - May 31, 2023

Business value

To maintain SLA and a consistent user experience, makers and users can always make and run applications, respectively, using the system-provided security roles of environment maker and basic user. This SLA can only be maintained when these roles are protected from being updated.

Feature details

The environment maker and basic user security roles are managed and shipped by the platform and are marked as non-updateable. These security roles are maintained by Microsoft services and privileges are continuously updated by them to run their services smoothly. Power Platform admins can view the list of privileges of these security roles from the admin role form, but they can't update the privileges. Power Platform admins can continue to copy these privileges to another role. but they can't update the role.