User Management

Add Azure Security Groups with Users to the Power Platform Environment

Typically new users are given access to an environment via a Microsoft 365 Security Group - generally this requires the intervention of a Microsoft 365 Admin.

Once a user is added to a group, another user with the System Administrator security role in the environment can update this user's security roles to ensure they are able to use the BrightWork 365 app in the intended manner.

For additional details about controlling user access to Power Platform environments (including the one that BrightWork 365 is installed in), Azure security groups, and licenses, see this documentation and contact your organization's system administrator.

BrightWork 365 Security Roles

See the BrightWork 365 Security Roles spreadsheet for comprehensive security roles details.

Assign Security Roles to Users

Note: Security roles will need to be assigned to individual users, not through the use of Azure security groups, and this is done through the standard Power Platform role assignment process. To learn more about a bulk assignment method for individual users see the XrmToolBox site.

All BrightWork 365 users must be assigned the following security role:

  • Basic User.

Request Submitters: If a user will only be submitting project requests, they will also require the following one additional security role (this does not consume a BrightWork 365 license):

  • BrightWork Request Submitter.

All other licensed BrightWork 365 users should have the following additional security role at a minimum:

  • BrightWork Team Member (this does consume a BrightWork 365 license). Users added to the BrightWork Team Member security role will appear in the app's Admin Area in Security > Users > BrightWork Users.

If security role changes are made to a user that is already logged in, the user will need to either refresh the screen with Ctrl-F5, or log out of the BrightWork 365 app and log back in to utilize the security role changes.

Create the Senior Manager Team

The BrightWork 365 Senior Manager team is used to limit the users returned in the following form lookup columns: 

  • BrightWork Group Manager
  • BrightWork Portfolio Manager
  • BrightWork Portfolio Sponsor
  • BrightWork Program Manager
  • BrightWork Program Sponsor

To create the team and add users:

  1. Login to the BrightWork App.
  2. Switch to the Admin area.
  3. Click Teams and click + New.
  4. Name the team "Senior Managers".
  5. Select a Business Unit, make yourself the Administrator and click Save.
  6. Click Add Existing User to begin adding your users to the team.

Other Lookup Column Related Security Roles

If you require greater granularity than afforded by the Senior Manager team to limit the users returned for one of the above referenced lookup columns, you have the option to use the other security roles referenced in the list below. However, in order for the associated lookup columns to use any of these security groups for user filtering instead of the Senior Manager group, a change to the underlying solution system view will need to be made. Contact your Customer Success Partner for additional information.

  • BrightWork Group Managers
  • BrightWork Portfolio Manager
  • BrightWork Portfolio Sponsor
  • BrightWork Program Manager
  • BrightWork Program Sponsor
  • BrightWork Project Sponsors

BrightWork 365 Roles Viewer Report

The BW365 Roles Viewer report (in the installation Solution Files zip) gives you a quick and easy way to see which role each user is assigned and the users on each team.

  • This section requires you to have Power BI Desktop installed on your computer. See to download it.
  • The report uses Direct Query. If you publish it to the Power BI service, it will always show the latest information without having to be put on a refresh schedule.

To setup the report:

  1. Copy the first part of the BrightWork 365 URL, as shown below.
  2. Open the BW365 Roles Viewer.pbit file, paste in the copied URL and click Load.
    Graphical user interface, application

Description automatically generated
  3. Login if necessary and click Connect.
  4. Save the report as a local PBIX file.


User Access Issues

With user diagnostics you can run through a series of checks to determine the health of a user account and view recommendations for resolving issues.

  1. Navigate to the Power Platform admin center, Environment Details page.
  2. Click on Settings | Users.
  3. Select the user and choose Run diagnostics from the top of the screen.
  4. Check the diagnostic Status and Results notes for any issues and resolution recommendations.