Ownership Management made Easy with the Ownership Toolbox

Published by Valentin Mazhar

Following the positive feedback I received on the DLP Policy Toolbox, I decided to share another app with the community: the Ownership Toolbox. Admins often have to manage app and flow ownership. Unfortunately, the functionality offered in the platform does not always meet this need. I am sharing the Ownership Toolbox to fill these gaps and enable admins to manage app and flow ownership more efficiently!

This App is heavily inspired by another App created by Lukas Kormuth, an incredibly talented individual whom everyone would benefit from knowing!

Screenshot of the ownership toolbox

What is Apps and Flows Ownership and why do we care?

Before introducing the Ownership Toolbox, let’s talk about Apps and Flows Ownership. When a Maker creates a Cloud Flow or a Canvas App, they automatically become its “Owner”. As Owner, they have edit access to it, which lets them modify it and/or share it with co-owners.

If a flow or an app does not have any co-owner, this can create issues when the owner leaves the company or is not available. A change may then be urgently necessary while nobody else can make it, which could lead to operational issues.

So a best practice is to make sure that a flow or app is not accessible to only a single individual. This can be achieved by adding co-owners and/or using a service account to own the flow or app. Since Makers are not always aware of this, Admins need to be able to unblock the situation and share the respective app or flow with another co-owner.

What is already available to manage Apps and Flows ownership?

A few things are available out of the box, as explained in the below sub-sections.

Manage Flows and Apps Ownership from the Admin Center

From the Power Platform Admin Center, tenant and system admins can list the Flows or Apps of an environment and share them with other users (as documented here). Unfortunately, this functionality does not make it easy to find a Flow or App when there are many in an environment.
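Outside the Admin Center, the same single-owner check can be scripted for canvas apps. The script below is an added example, not part of the Ownership Toolbox or the original post: it uses the Microsoft.PowerApps.Administration.PowerShell module, only reports unless `-Apply` is passed, and its parameter names (`OwnerObjectId`, `CoOwnerObjectId`, `Apply`) are hypothetical, as is the assumption that role assignments expose `RoleType` and `PrincipalObjectId`.

```powershell
# Added example (not the toolbox's code). Run with an account holding the
# Power Platform Administrator role.
param(
    [Parameter(Mandatory)] [string] $EnvironmentName,  # environment ID
    [Parameter(Mandatory)] [string] $OwnerObjectId,    # Entra ID object ID of the current owner
    [string] $CoOwnerObjectId,                         # object ID of the co-owner to add
    [switch] $Apply                                    # without this switch, nothing is changed
)

Import-Module Microsoft.PowerApps.Administration.PowerShell
Add-PowerAppsAccount   # interactive sign-in

# Canvas apps in the environment whose main owner is the given user
$apps = Get-AdminPowerApp -EnvironmentName $EnvironmentName -Owner $OwnerObjectId

$report = foreach ($app in $apps) {
    $roles = Get-AdminPowerAppRoleAssignment -EnvironmentName $EnvironmentName -AppName $app.AppName

    # Assumption: each assignment carries RoleType and PrincipalObjectId.
    # Any principal other than the owner with CanEdit counts as a co-owner.
    $coOwners = @($roles | Where-Object {
        $_.RoleType -eq 'CanEdit' -and $_.PrincipalObjectId -ne $OwnerObjectId
    })

    [pscustomobject]@{
        DisplayName  = $app.DisplayName
        AppName      = $app.AppName
        CoOwnerCount = $coOwners.Count
        SingleOwner  = ($coOwners.Count -eq 0)
    }
}

# Apps with no co-owner are listed first
$report | Sort-Object SingleOwner -Descending | Format-Table -AutoSize

# Optional remediation: share every single-owner app with the chosen co-owner
if ($Apply -and $CoOwnerObjectId) {
    foreach ($row in $report | Where-Object SingleOwner) {
        Set-AdminPowerAppRoleAssignment -EnvironmentName $EnvironmentName `
            -AppName $row.AppName -RoleName CanEdit `
            -PrincipalType User -PrincipalObjectId $CoOwnerObjectId
    }
}
```

Review the report before re-running with `-Apply`, since a CanEdit assignment gives the co-owner the ability to modify and re-share each app.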

React to orphaned Flows and Apps and manage ownership with the CoE Starter Kit

The CoE Starter Kit includes a process to automatically react to orphaned flows and apps. When the kit detects a flow or app as not having an owner, it will automatically reach out to their manager to define the new owner. This automation is handy and saves the admins from having to do anything manually. However, even with this automated process there can still be occasions when an admin needs to act. For instance, an owner could be on holiday when a change is urgently necessary on an app.

The kit also contains a dashboard with an embedded App that allows updating the ownership of an App. Although this is useful, it does not support bulk updates.

The Ownership Toolbox allows better Ownership management

The Ownership Toolbox is a Solution containing a single App which offers the functionalities below:

  • Identify the Flows and Apps owned by a user in an environment
  • Add co-owners to selected Flows and Apps, individually or in bulk
  • Change the main Owner of selected Apps and Flows, individually or in bulk
  • Remove the users with access to an App or Flow

The Solution has to be installed on an environment with the CoE Starter Kit installed. The user using the App will need to have the Power Platform Administrator role. The App also requires the Ownership Updater Solution to be installed as a pre-requisite.

The App connects to the Dataverse tables Makers, PowerApps Apps, Environments, Flows and AAD Users. It also uses the Dataverse, Office365Users, PowerAppsforAdmins and PowerAutomateforAdmins connectors.

The Ownership Toolbox is available from my GitHub repository below. The following sections describe how to use it.

Manage Canvas Apps Ownership with the Ownership Toolbox

Screenshot of the Flow ownership screen in the ownership toolbox

The screen should be self-explanatory and guides the user through 6 steps:

  1. Select a Maker. The App connects to the Dataverse Maker table from the CoE Kit. Since this table might have more Makers than the delegation limit, a text input field lets you filter down this table before using the dropdown. It uses the Display Name of the Makers.
  2. Select the Environment: Using the Environment table from the CoE Kit, only the Environments where the selected Maker has created a Canvas App will be listed.
  3. Select the Canvas Apps: After completing step 2), the main area of the screen will show all the Canvas Apps created by the selected owner on the selected environment, also using the CoE Kit data. The Apps can be selected with the check boxes. It is also possible to click on the People icon to see who currently has access to an App and to remove users by clicking on the respective cross icon:
    Screenshot showing the app access checker in the Ownership Toolbox
  4. Select the new Owner: This is the user the selected Apps will be shared with. This uses the AAD Users virtual table from the environment. A text input is also provided to filter the users shown in the dropdown. The dropdown uses the User Principal Name property here to avoid issues for users having the same display name.
  5. Co-Owner or Main Owner: this toggle defines whether the new Owner will be a co-owner or the main owner:
    • Co-Owner: the user will be an additional co-owner of the App
    • Main-Owner: the user will become the main Owner. The App will be shown as created by them from the Power Apps Portal. The previous Main Owner will automatically lose ownership and will have only “CanView” permissions.
  6. Press the button to update ownership as configured.

Clicking on the copy icon in the top-right-hand corner of the screen will copy to the clipboard an array in JSON format with all the selected Apps.

Manage Cloud Flows Ownership with the Ownership Toolbox

Screenshot of the App ownership screen in the ownership toolbox

The interface and principle are exactly the same as for the Canvas Apps Ownership screen.

The only difference is that if the “Main Owner” toggle is turned on, then a Flow will be called from the App to call the Ownership Updater flow and make the change instead of using the out of the box admin connectors. This is a limitation and the only way I found to update the main owner of solution-aware flows. If the selected flows are not solution-aware, they will only be shared as co-owners.

Additional comments regarding the Ownership Toolbox

Although it is technically possible to achieve similar functionalities without the CoE Kit tables, this would have a big impact on performance for large tenants.

It is possible to easily modify the Look & Feel of the App with the App Formulas:


Categories: Governance

2 Comments

Frena Makenson · October 26, 2023 at 9:10 am

Thank you for sharing, I really appreciate your support to the community

    Valentin Mazhar · October 30, 2023 at 7:47 am

    Thank you Frena for the feedback – I hope this will be useful to you!
