Manage System Administrator security role assignment to tenant administrator


Some of the functionality described in this release plan has not been released. Delivery timelines may change and projected functionality may not be released (see Microsoft policy). Learn more: What's new and planned

Enabled for Public preview General availability
Admins, makers, marketers, or analysts, automatically May 2023 Aug 2023

Business value

Empower customers to manually assign and manage high-privileged security roles to appropriate users in their environment.

Feature details

The System Administrator security role in Dataverse environments is automatically assigned to all users who have the Global Administrator, Power Platform Administrator, and Dynamics 365 Administrator role in Azure Active Directory (Azure AD). The System Administrator security role isn't removed when the user no longer has the tenant role assigned.

With this feature:

  • Customers can produce an inventory of users with System Administrator access across all environments in the tenant and remove stale users who should no longer have the System Administrator role assignment.
  • Stop the auto assignment of the System Administrator role in all Dataverse environments for users with the tenant administrator roles defined in Azure AD.
  • Provide a mechanism for tenant administrators to add themselves to the System Administrator role in an environment to support break-glass and emergency scenarios.