Users cannot create Flows in Power Automate | Environment Maker permissions

If you are someone who has been asked to create Flows in Power Automate, and you go to Power Automate portal ( to make your first Flow in your environment, you may come across this if you are not an Administrator yet –

The error message would say -“You are not permitted to make flows in this ‘<EnvironmentName>’. Please switch to the default environment, or to one of your own environment(s), where you have maker permissions.

Now, let’s see what the issue is about.

Environment Maker Permissions

As a Power Platform Administrator yourself, you’ll need to provide Environment Maker privileges (Security Role) to the affected User in your environment –

  1. Navigate to the the Settings for the Environment in PPAC (
    And look for Security Roles in Access area –

  2. Look for the Environment Maker role.

  3. When in Environment Maker role, look for the Add People button on the top.

  4. Now, search for the user who should have the Environment Maker permissions and click Add (which will be at the bottom of the pane).

  5. Now, you’ll see that this user is added.

  6. Now, when the User will refresh the Flow Editor, they’ll no longer see the error message and will be able to create/save Flows.

Hope this was useful!

Here are some Power Automate posts you want to check out –

  1. Blocking Attachment Extensions in Dynamics 365 CRM
  2. Upgrade Dataverse for Teams Environment to Dataverse Environment
  3. Showing Sandbox or Non Production Apps in Power App mobile app
  4. Create a Power Apps Per User Plan Trial | Dataverse environment
  5. Install On-Premise Gateway from Power Automate or Power Apps | Power Platform
  6. Co-presence in Power Automate | Multiple users working on a Flow
  7. Search Rows (preview) Action in Dataverse connector in a Flow | Power Automate
  8. Suppress Workflow Header Information while sending back HTTP Response in a Flow | Power Automate
  9. Call a Flow from Canvas Power App and get back response | Power Platform\
  10. FetchXML Aggregation in a Flow using CDS (Current Environment) connector | Power Automate
  11. Parsing Outputs of a List Rows action using Parse JSON in a Flow | Common Data Service (CE) connector
  12. Asynchronous HTTP Response from a Flow | Power Automate
  13. Validate JSON Schema for HTTP Request trigger in a Flow and send Response | Power Automate
  14. Converting JSON to XML and XML to JSON in a Flow | Power Automate

Thank you!

Form Access Checker in new Power Apps Form Designer | Model-Driven Apps in Dynamics 365

Most of us have been used to using the classic form designer as of now. And the Power Apps UI which is in has some important new features.

We create forms and we then have to explicitly make sure we have assigned them correct Security Roles and added them to the Apps correctly.

So the new Power Apps Form Designer has a very useful feature called as Form Access Checker. Let’s look at it

A Form & An App

  1. Let’s say we have a custom/Unmanaged Form called as ‘Management Form’.

  2. And an App called as ‘Management App’.

  3. And it has Contact entity with 2 Forms added.

  4. And here are the 2 forms – Contact (OOB) and Management Form (Custom)

Form Access Checker

The Form Access Checker answers 2 questions at once – Let’s look at this feature

  1. Open the form and go to Form Settings.

  2. In the Form Properties, look for Form access checker.

  3. Now, select the Security Role you want to check for and then the App you want to check. The Form Checker will show the Forms which satisfy either and both the criteria.

    Now with only Salesperson role, below are the forms which are applicable. Note that the App is not yet selected.

  4. Now, if you choose the App – the Form that matches both these will be selected.

  5. And it’ll show only the Forms which are applicable to both criteria. (Notice that the form we added in the Management App didn’t show up)

  6. Now, let’s give the Management Form we added Salesperson Security Role and see it satisfy the above criteria. You can now assign Roles to a Form within the Form designer itself.

  7. And if you check again, you’ll be able to conclude that the App we are looking for has both these forms for the Security Role you want to check

Hope this helps. Here are some more Dynamics 365 related posts you might want to check out –

  1. Use Rich-Text Control for Multiple Lines of Text in Dynamics 365 CE | Quick Tip
  2. Ribbon button visibility based on a field value in Dynamics 365 | Ribbon Workbench
  3. Find deprecated JS code used in your Dynamics 365 environment | Dynamics 365 v9 JS Validator tool | XrmToolBox
  4. Make On-Demand Flow to show up in Dynamics 365 | Power Automate
  5. Track and Set Regarding are disabled for Appointments in Dynamics 365 App For Outlook message | Demystified
  6. Get GUID of the current View in Dynamics 365 CRM JS from ribbon button | Ribbon Workbench
  7. Remove ‘This Email has been blocked due to potentially harmful content.’ message in Dynamics 365 Emails | OrgDbSettings utility
  8. Find Created On date of solution components in Solution Layers | Dynamics 365 [Quick Tip]
  9. Pass Execution Context to JS Script function as a parameter from a Ribbon button in Dynamics 365 | Ribbon Workbench
  10. Dynamics 365 App For Outlook missing on SiteMap in CRM? Use shortcut link [Quick Tip]

Thank you!!

D365 PSA: Restrict Project access only to their Project Managers

Out-of-the-box PSA’s Project Manager security role provides complete access to even other Project Managers. But then, what if you want to bring down the access of the Project Managers to their own Projects only?

Remember, access in D365 PSA is provided for Owner (ownerid) field and not Project Manager (msdyn_projectmanager) field.



Now, I don’t want a Project Manager to have access to others Projects and looks like this can’t be controlled from the Security Level perspective, given the Project Manager is a separate field than Owner of the Project.

So, I’ll limit the access to only the User level (the one who created the record would have the access, obviously)


But this remove the access from even the Project Managers since they don’t own the Projects. To overcome this, I’ve written a simple plugin to provide access to the Project Manager whenever they are updated by Sharing and giving PMs the access.

For this, I’ve written a plugin code that will grant all permissions to the Project Manager of that Project and I would like to share this with you all to consume it.

GitHub Project

Here’s the GitHub repository I’ve created which has the plugin code and the Unmanaged Solution that contains only the plugin assembly and the registered step –

Link: D365PSA-PMAccessRights


The D365 Unmanaged Solution resides here –


This will work in the following scenarios –

  1. When a Project Manager is changed from Person A to Person B, the access rights of Person A will be removed and granted to Person B.
  2. You can even create a trigger field and use an on-demand workflow to set the trigger. This trigger should be included in the filtering attributes of the plugin step to update the existing records.

This will provide access to the Project Manager of the Project automatically apart from the Owner so that they see/access only Projects that concern them

Make sure no other security role is overriding your restricted access.

Hope this helps! 🙂

D365 Quick Tip: Can’t add members to the default Business Unit Team

I would like to share a consideration I take while designing Teams that you might need to make certain records shareable. I faced an issue once when users started to use Default Teams created on Business Units.

And after several months, it occurred that some users from other Business Units too needed to be on that Team. And several records were already assigned to BU provided Default Teams.


  1. Priyesh belongs to Southeast Asia BU and Somesh belongs to North America BU.
  2. Some records were assigned to North America team which is the Default Team created by BU..
  3. Priyesh wanted to be in the North America Team.

    So adding North America to Teams under the user Priyesh, but I get the below error

That is because you cannot add Default Teams to users in some other BUs.


As a workaround, I only created a new Team and named it “<BU Name> – Shareable” team and assigned records to this team so that I know where I want the records to be visible as per my Security Roles setup.


And hence, added the North America – Shared team for Priyesh.

I would also like to hear your suggestions and any workarounds you may have. Thanks! 😊