![[The AI Show Episode 145]: OpenAI Releases o3 and o4-mini, AI Is Causing “Quiet Layoffs,” Executive Order on Youth AI Education & GPT-4o’s Controversial Update](https://www.marketingaiinstitute.com/hubfs/ep%20145%20cover.png)
![[DEALS] Internxt Cloud Storage Lifetime Subscription: 10TB Plan (88% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![Ditching a Microsoft Job to Enter Startup Purgatory with Lonewolf Engineer Sam Crombie [Podcast #171]](https://cdn.hashnode.com/res/hashnode/image/upload/v1746753508177/0cd57f66-fdb0-4972-b285-1443a7db39fc.png?#)
.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
![Gurman: First Foldable iPhone 'Should Be on the Market by 2027' [Updated]](https://images.macrumors.com/t/7O_4ilWjMpNSXf1pIBM37P_dKgU=/2500x/article-new/2025/03/Foldable-iPhone-2023-Feature-Homescreen.jpg)
![Federal ‘click to cancel subscriptions’ rule delayed, may be weakened [U]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2024/10/Federal-click-to-cancel-subscriptions-rule-is-ratified.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![What Google Messages features are rolling out [May 2025]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2023/12/google-messages-name-cover.png?resize=1200%2C628&quality=82&strip=all&ssl=1)
![[Fixed] Gemini 2.5 Flash missing file upload for free app users](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/03/google-gemini-workspace-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![So your [expletive] test failed. So [obscene participle] what?](https://regmedia.co.uk/2016/08/18/shutterstock_mobile_surprise.jpg)
![Apple Shares 'Last Scene' Short Film Shot on iPhone 16 Pro [Video]](https://www.iclarified.com/images/news/97289/97289/97289-640.jpg)
![Apple M4 MacBook Air Hits New All-Time Low of $824 [Deal]](https://www.iclarified.com/images/news/97288/97288/97288-640.jpg)
![An Apple Product Renaissance Is on the Way [Gurman]](https://www.iclarified.com/images/news/97286/97286/97286-640.jpg)
![Apple to Sync Captive Wi-Fi Logins Across iPhone, iPad, and Mac [Report]](https://www.iclarified.com/images/news/97284/97284/97284-640.jpg)
Power Automate - How to Change Connection Owners
One of the key challenges I have found with the built in Power Platform Pipelines is that it doesn't cover connections. The expectation is that the developer will deploy to production through a spn (as we don't want them to have access to edit production), but the new flows use the developers connections, wait what. The 2 benefits of ALM are: Cant access prod If they leave still works Well with this setup the developer still needs access to the prod data source, and if they leave it breaks. Fortunately there is a way, well actually 2. Matt Collins-Jones found the best way and documented it brilliantly at https://www.mattcollinsjones.co.uk/single-post/change-connections-during-deployments-power-platform-pipelines, I highly recommend reading it My way is a lot less graceful, but has the one benefit it can be ran outside of deployments (as isnt part of the import process). So lets dive into my solution Prerequisites Connections Change Connection The Full Flow 1. Prerequisites Currently in platform you can't share connections with other users, only with Apps (SPN'). This means you have to: Create SPN with Dynamics/Dataverse Scopes Good guide here Register the SPN as app in the environment So that we can give it a security role with access to Solution, SolutionComponent, and ConnectionReference tables The flow owner account needs System Admin Role So that it can use 'Get Connections as Admin' connector The Dataverse connections should use the SPN So that when we change connections the modifier of the row has permission to use the connection. Share Connections with SPN Not going to lie, this step is a pain, as you need to login as the connection owner and share each connection with the SPN. FYI these steps are also needed for Matts better approach 2. Connections So connections are in 2 places, the connections table and connection reference table. But if you have ever looked in the connections table you will see its empty, Microsoft knows how sensitive this data is and has secured it well. Luckily there is a way to get connections, and thats with the Power Apps Admins actions (yep the backend of the Power Platform is interesting, as connections are controlled by the Power App api, even though we probably use the more in Power Automate, I have done a blog about the API's if you are interested here: The 4 API's of the Power Platform). Good news is our flow owner has System Admin role so can see all connections, though not use them (good thing!). The action returns all the information we need: Owner/Creator Connection type Connection Status With the connections array we can do 2 key filters, first to get the new connections we want to use (this is by the connection owner) @or(equals(item()?['properties/createdBy/userPrincipalName'], triggerBody()['text_3']),equals(item()?['properties/createdBy/email'], triggerBody()['text_3'])) And the next filter is to get the right connector type (SharePoint/Dataverse/etc), and thats from the properties/apiId field. @contains(concat(item()?['properties/apiId'], '-'), concat(split(outputs('Get_a_row_by_ID_from_selected_environment')?['body/connectorid'], 'apis/')[1], '-')) This might make more sense when you see the whole flow
One of the key challenges I have found with the built in Power Platform Pipelines is that it doesn't cover connections. The expectation is that the developer will deploy to production through a spn (as we don't want them to have access to edit production), but the new flows use the developers connections, wait what. The 2 benefits of ALM are:
- Cant access prod
- If they leave still works
Well with this setup the developer still needs access to the prod data source, and if they leave it breaks.
Fortunately there is a way, well actually 2.
Matt Collins-Jones found the best way and documented it brilliantly at https://www.mattcollinsjones.co.uk/single-post/change-connections-during-deployments-power-platform-pipelines, I highly recommend reading it
My way is a lot less graceful, but has the one benefit it can be ran outside of deployments (as isnt part of the import process).
So lets dive into my solution
- Prerequisites
- Connections
- Change Connection
- The Full Flow
1. Prerequisites
Currently in platform you can't share connections with other users, only with Apps (SPN'). This means you have to:
Create SPN with Dynamics/Dataverse Scopes
Good guide here
Register the SPN as app in the environment
So that we can give it a security role with access to Solution, SolutionComponent, and ConnectionReference tables
The flow owner account needs System Admin Role
So that it can use 'Get Connections as Admin' connector
The Dataverse connections should use the SPN
So that when we change connections the modifier of the row has permission to use the connection.
Share Connections with SPN
Not going to lie, this step is a pain, as you need to login as the connection owner and share each connection with the SPN.
FYI these steps are also needed for Matts better approach
2. Connections
So connections are in 2 places, the connections table and connection reference table. But if you have ever looked in the connections table you will see its empty, Microsoft knows how sensitive this data is and has secured it well. Luckily there is a way to get connections, and thats with the Power Apps Admins actions (yep the backend of the Power Platform is interesting, as connections are controlled by the Power App api, even though we probably use the more in Power Automate, I have done a blog about the API's if you are interested here: The 4 API's of the Power Platform).
Good news is our flow owner has System Admin role so can see all connections, though not use them (good thing!).
The action returns all the information we need:
- Owner/Creator
- Connection type
- Connection
- Status
With the connections array we can do 2 key filters, first to get the new connections we want to use (this is by the connection owner)
@or(equals(item()?['properties/createdBy/userPrincipalName'], triggerBody()['text_3']),equals(item()?['properties/createdBy/email'], triggerBody()['text_3']))
And the next filter is to get the right connector type (SharePoint/Dataverse/etc), and thats from the properties/apiId field.
@contains(concat(item()?['properties/apiId'], '-'), concat(split(outputs('Get_a_row_by_ID_from_selected_environment')?['body/connectorid'], 'apis/')[1], '-'))
This might make more sense when you see the whole flow
