Many users often reports issue of not being able to access Dynamics 365 CRM even when they’ve been assigned security roles.

So, Power Platform Admin Center will provide you a Diagnostic Tool to quickly check what type of access is missing at the administration level across the below areas –

1. Sign in blocked for the User at M365 level.
2. No license for Power Apps / CE Apps.
3. Not in Security Group of the Dataverse/CRM environment

Let’s see how we can run the Diagnostics and how to solve each of them!

Run Diagnostics on Users

Here’s how you can Run the Diagnostics on the Users in Power Platform Admin Center –

1. Navigate to the Settings once you select the Environment –
   
   
2. Then, expand the Users + permissions area to see the Users option
   
   
3. Once you see all the Users, you’ll be able to see which Users you want to select and then investigate for diagnostics.
   
   
4. When you click on Run Diagnostics, you’ll see the pan on the right hand side complete some tests and then show the results –
   
   
5. And when you zoom, you’ll see the information as below –
   
   
6. So, when you check the License information in the M365 Portal (considering you have Admin access), you’ll identify that the User is missing the license for Power Apps / Customer Engagement Apps.
   
   
7. When I run this for User whose all levels of access are correct, I’ll see the below –
   
   
8. In other instances, the Sign-in could be blocked as well and this is how it’ll appear. The error message will point out what is causing the User to not access the Dataverse environments.
   
   
9. And when you check the User in the M365 Admin Center, you’ll see that the Sign-in is blocked –
   
   
10. And a final reason that a User is not a part of the Security Group which has been assigned to the Environment itself.
    In that case, they’ll see the below error –
    
    
11. So, if you check the Environment in PPAC itself, you can see what Security Group has been applied to the Environment.
    
    
12. And if you look at this Group, you’ll not find the member in the Security Group at the M365 Level.
    
    

You can find the complete Microsoft Learn documentation on the same here – https://learn.microsoft.com/en-gb/power-platform/admin/troubleshooting-user-needs-read-write-access-organization#user-diagnostics?WT.mc_id=DX-MVP-5003911

Hope this helps!

Here are some Power Automate posts you want to check out –

1. Select the item based on a key value using Filter Array in Power Automate
2. Select values from an array using Select action in a Power Automate Flow
3. Blocking Attachment Extensions in Dynamics 365 CRM
4. Upgrade Dataverse for Teams Environment to Dataverse Environment
5. Showing Sandbox or Non Production Apps in Power App mobile app
6. Create a Power Apps Per User Plan Trial | Dataverse environment
7. Install On-Premise Gateway from Power Automate or Power Apps | Power Platform
8. Co-presence in Power Automate | Multiple users working on a Flow
9. Search Rows (preview) Action in Dataverse connector in a Flow | Power Automate
10. Suppress Workflow Header Information while sending back HTTP Response in a Flow | Power Automate
11. Call a Flow from Canvas Power App and get back response | Power Platform\
12. FetchXML Aggregation in a Flow using CDS (Current Environment) connector | Power Automate
13. Parsing Outputs of a List Rows action using Parse JSON in a Flow | Common Data Service (CE) connector
14. Asynchronous HTTP Response from a Flow | Power Automate
15. Validate JSON Schema for HTTP Request trigger in a Flow and send Response | Power Automate
16. Converting JSON to XML and XML to JSON in a Flow | Power Automate

Thank you!