[CoE Starter Kit - BUG] Security Role Permissions ページにレコードが表示されない

[kameitakahiro2com]

Does this bug already exist in our backlog?

• I have checked and confirm this is a new bug.

Describe the issue

現在、ver 4.29のCoE Starter Kitを利用しております。
私は、Power Platformで管理者権限を割り当てられているユーザーを一覧で確認したいと考えています。
「Power Platform Admin View」アプリの中にある、「Security Role Permissions」>「System Admin Users」から、管理者権限を割り当てられているユーザーを一覧で確認できると思いましたが、ページにはレコードが一つも表示されません。
この問題の原因と対応策を教えていただけますでしょうか。

※確認しているユーザー(私)はM365テナントのグローバル管理者権限を持っています。

Expected Behavior

No response

What solution are you experiencing the issue with?

Core

What solution version are you using?

4.29

What app or flow are you having the issue with?

Power Platform Admin View

What method are you using to get inventory and telemetry?

None

Steps To Reproduce

No response

Anything else?

No response

AB#3621

[Jenefer-Monroe]

Hello. Screenshots are very helpful for us, especially when there is a language barrier like here.

I think you are saying that you have no data in this screen:

If that is the case, please be sure you have run the flow which configures the SRs to gather:
You will see them on this screen, with the System Administrator selected. If not it shoudl tell you the flow to run, but its this one: Admin | Gather Tenant SRs

Once that happens, the SR is set to be tracked, then this will get filled on the next run of inventory.

[kameitakahiro2com]

Ms.Jenefer-Monroe 回答ありがとうございます。また、スクリーンショットを添付せず申し訳ございません。
私が確認したいと考えている画面は次の画面です。（「Power Platform Admin View」>「Security Role Permissions」>「System Admin Users」）

また、「Admin | Gather Tenant SRs」フローを確認しましたが、次の画面ように「Fetch SRs from other envts if additive to CoE Envt SRs」スコープ内の「Get_Parent_BU_for_ID」アクションで「The user is not a member of the organization.」というエラーが表示されていることがわかりました。

このエラーの対処法としては、接続の所有者にすべての環境のシステム管理者ロールを付与すればよいでしょうか？

[Jenefer-Monroe]

Yes that is correct. This means the user identity running the flow does not have System Admin permissions in the destination environment. This is due to a recent product change where the Power Platform Admin role no longer automatically escalates the user to SR.

Please read the following and use the solution file offered in the related issue to resolve: #8119

New PIM Feature and the Kit

Hello likely you have been impacted by new product behavior that just shipped around the way the product treats privileged roles (ex Power Platform Admin role, Global Admin role)

While there is a workaround we can put into the kit to fix this directly, we cannot ship it with the kit until the workaround is available in all regions. Hopefully for the July release.

The product change

Here is information about the product feature: Manage admin roles with Microsoft Entra Privileged Identity Management

How to check if this is the case

1. Validate the user running the flow has direct and permanent assignment to the Power Platform Admin role.
2. Take one of the target environments in your repro, one of the environments which is failing, and make sure the user running the flow has System Admin security role in that target environment.

How to address and More information

Please see #8119 for a write up on this change.
Included also is a workaround you can do until we can have it natively in the kit.

[Jenefer-Monroe]

closing out as no further action for starter kit team