Post
Ask Question

Change Ownership of Cloud Flows

Introduction

Power Automate Cloud Flows enable users to streamline and automate routine tasks, boost efficiency, and foster collaboration within cloud-based applications and services. Actions performed by them run in the context of their creator or assigned user.

In this article, we will discuss ways to change ownership or assignment of cloud flow so that all actions are performed with respect to a particular user. We will also discuss various scenarios and use cases regarding the same.

Use Cases

  1. Employee left Organization: The creator of Cloud Flow has left the organization and Flow is still running in his/her name. We want to avoid actions being performed with that name.
  2. Production Resource access: Many times as a developer we come across a scenario where we find out a particular user does not have all privileges to a higher environment. In that case, we should be able to assign cloud flow to the user with the correct privileges.
  3. Change Ownership of Multiple Flows: We might come across a request where the client wants us to update ownership of multiple cloud flows.
  4. Deployment Step: We can perform this activity as part of the deployment process requirements.

There might be several other use cases as well. Now let's discuss how we can achieve the above demands.

Different Methods to Change Ownership


1. Manually Using Advanced Find

In this method, we will change the assignment/ownership of cloud flows using Advanced Find.

Step 1. Go to make.powerapps.com -> Switch to Environment where cloud flow(part of some solution) exists ->  Click on Gear Icon -> Advanced Settings as shown in the below image.

Advanced settings

Step 2. The environment will open in a classic view. Click on the Advanced Find icon as shown below.

Classic View

Step 3. Look for Processes entity(table) -> Set Filter Category = Modern Flow -> Click on Results as shown below.

Category

Step 4. Select the cloud flow(s) for which you want to change ownership-> Click on the Assign Processes icon as shown below.

Process

Step 5. A pop-up will appear. Set Assign to = User or team. Set User or Team = User or Team in whose context cloud flow should run.

Click on the Assign Button.

Assign process

Step 6. Selected Cloud Flows are assigned to the User or Team selected in Step 5 as shown below.

Cloud flow

2. Using PowerShell Script

In this method, we will automate the above activity using the PowerShell script. We can run the below script in our system.

Prerequisites

Powershell Terminal, The Application must be registered in the Azure portal with Dynamic CRM API permissions, and the Application User(SPN User) must have access to the target environment.

# Install the module
Install-Module Microsoft.Xrm.Data.Powershell -Scope CurrentUser
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

# Establish CRM connection
$conn = Get-CrmConnection -ConnectionString "AuthType=ClientSecret;Url=<Url of environment>;ClientId=<Application ID of SPN User>;ClientSecret=<ClientSecret of SPN user>"

#Fetch Expression to retrieve desired flows to e assigned
$fetchFlows = @"
<fetch>
       <entity name="workflow">
       <attribute name="workflowid"/>
       <attribute name="name"/>
       <attribute name="category"/>
       <attribute name="primaryentity"/>
       <attribute name="statecode"/>
       <attribute name="createdon"/>
       <attribute name="ownerid"/>
       <attribute name="owningbusinessunit"/>
       <attribute name="type"/>
       <order attribute="name" descending="false"/>
       <filter type="and">
       <condition attribute="category" operator="eq" value="5"/>
       </filter>
       </entity>
</fetch>
"@;

$flowsToBeAssigned = (Get-CrmRecordsByFetch  -conn $conn -Fetch $fetchFlows).CrmRecords
if ($flowsToBeAssigned.Count -gt 0) { # If any flow exists which ownership needs to be changed
            foreach ($flow in $flowsToBeAssigned) {
                Write-Output "Assigning Flow:$(($flow).name) to Test User 1"
                try {
                       Set-CrmRecordOwner -conn $conn -EntityLogicalName workflow -Id $flow.workflowid -PrincipalId <GUID of USER to be assigned>
                       #PrincipalId is GUID of user to be assigned
                    }
                catch [Exception] {
                    write-host $_.Exception.Message
                }
            }
}
else {
 Write-Output "No Flows to be assigned"
}

Script Output

Script output

3. Using Azure Pipelines

In this method, we will be using Azure Pipeline(YAML Implementation) to achieve our requirements. We can add YAML code to our existing deployment pipeline which will save time and improve efficiency. We will be storing parameters in a variable group.

Prerequisites

Azure DevOps Organization, Variable Group, and YAML knowledge

Below is the YAML code that can be run directly in Azure Pipeline.

trigger:
- main

variables:
- group: variable-group

pool:
  vmImage: windows-latest

steps:

- task: PowerShell@2
  displayName: Change Flow Ownership
  inputs:
    targetType: 'inline'
    script: |
      # Install the module
      Install-Module Microsoft.Xrm.Data.Powershell -AllowClobber -Force  -Scope CurrentUser
      [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
      
      # Establish CRM connection
      $conn = Get-CrmConnection -ConnectionString "AuthType=ClientSecret;Url= $(url);ClientId=$(clientid);ClientSecret=$(clientsecret)"
      
      $fetchFlows = @"
      <fetch>
             <entity name="workflow">
             <attribute name="workflowid"/>
             <attribute name="name"/>
             <attribute name="category"/>
             <attribute name="primaryentity"/>
             <attribute name="statecode"/>
             <attribute name="createdon"/>
             <attribute name="ownerid"/>
             <attribute name="owningbusinessunit"/>
             <attribute name="type"/>
             <order attribute="name" descending="false"/>
             <filter type="and">
             <condition attribute="category" operator="eq" value="5"/>
             </filter>
             </entity>
      </fetch>
      "@;
      
      $flowsToBeAssigned = (Get-CrmRecordsByFetch  -conn $conn -Fetch $fetchFlows).CrmRecords
      if ($flowsToBeAssigned.Count -gt 0) {
                  foreach ($flow in $flowsToBeAssigned) {
                      Write-Output "Assigning Flow:$(($flow).name) to Test User 1"
                      try {
                             Set-CrmRecordOwner -conn $conn -EntityLogicalName workflow -Id $flow.workflowid -PrincipalId $(userid)
                          }
                      catch [Exception] {
                          write-host $_.Exception.Message
                      }
                  }
      }
      else {
       Write-Output "No Flows to be assigned"
      }

Below are variables(hidden) declared in the variable group.

Library

Pipeline Run Output

Jobs

Conclusion

We discussed how we can achieve ownership change for cloud flows in different ways(manual and automated).

Note: In cloud flows, we can add or remove owners out of the box as well but there is a  drawback. Users who are assigned owner roles for specific cloud flows will not be able to run flows in their context without complex customizations. The original creator also can't be removed if we don't follow the above methods as shown below(the delete icon is disabled for the original creator).

Owners CRUD Operations

If ownership is changed using the above 3 methods original creator can be deleted(the delete icon is enabled for the original creator).

Creator can be deleted

Moreover, connection references used in cloud flow(s) should be updated with the assigned user's connection ID.

Hence methods discussed in this article solve most of the challenges related to cloud flow ownership faced by developers.


Similar Articles