powerplatform_user support environment without dataverse #488

Open
jmservier opened this issue Oct 7, 2024 · 5 comments
@jmservier

Dear all,
Firstly, thanks for your work.

Description

We would like to declare an administrator for a non-managed environment with Terraform.
With the web interface I can do it:

  1. Select the environment.
  2. To the right there is a panel "Access" (in French "Acceder") that allows viewing the current admins.
  3. Once we click on "Afficher tout" -> "view all", we can add an admin user.

What I try

```hcl
resource "powerplatform_environment" "this" {
  display_name     = local.environment_name
  location         = var.location
  environment_type = var.environment_type == "PROD" ? "Production" : "Sandbox"
}

resource "powerplatform_user" "admin" {
  environment_id = powerplatform_environment.this.id
  security_roles = ["Environment Admin"]
  aad_id         = var.administrator_object_id
  disable_delete = false
}
```

And the current issue:

```text
powerplatform_environment.this: Creating...
powerplatform_environment.this: Creation complete after 6s [id=xxxxxxxxxxxxxxxxxxxxxx]
powerplatform_user.admin: Creating...
╷
│ Error: Client error when creating _user
│ 
│   with powerplatform_user.admin,
│   on main.tf line 12, in resource "powerplatform_user" "admin":
│   12: resource "powerplatform_user" "admin" {
│ 
│ Unexpected HTTP status code. Expected: [200], received: [409] 409 Conflict
│ | {"error":{"code":"UnlinkedEnvironmentForbiddenOperation","message":"The
│ environment 'xxxxxxxxxxxxxxxxxxxx' is not linked to a new
│ CDS 2.0 instance. The following operation is forbidden for unlinked
│ environments:
│ 'POST/PROVIDERS/MICROSOFT.BUSINESSAPPPLATFORM/SCOPES/ADMIN/ENVIRONMENTS/ADDUSER'","detailUrlType":"NotSpecified"}}
```

Definition of Done

There is a Terraform way (resource?) to declare an administrator for a non-managed environment.

@rpothin
Contributor

rpothin commented Oct 7, 2024

Hi @jmservier,

Has the environment where you are trying to manage administrators Dataverse enabled? (to confirm this, you can look for the Dataverse version on your environment home page in PPAC like illustrated below)

image

I am not sure your error is related to the fact that your environment is not managed.

Thank you in advance for your answer.
Have a great day.
Raphael

@jmservier
Author

As I try to create an environment and then assign an administrator,
I cannot see this web page.

If I create a Production environment with Dataverse enabled, this will imply providing a premium licence, won't it?

Manually (from the web), I am able to create a non-managed environment without Dataverse and assign an administrator.
I would like to do the same with Terraform.

@rpothin
Contributor

rpothin commented Oct 7, 2024

Thank you for the clarification @jmservier.

I will let the team maintaining this provider provide an answer then 😊
From my perspective they will need to decide if it is something they forgot to cover in the existing user resource or a brand-new requirement (potentially due to the fact that user security roles management in an environment without Dataverse is based on a different API).

@jmservier
Author

Thanks @rpothin.
There is this Microsoft documentation: https://learn.microsoft.com/en-us/power-platform/admin/database-security
that describes how to assign an administrator without Dataverse.

@mawasile
Contributor

mawasile commented Oct 9, 2024

Hi @jmservier, @rpothin is correct. To manage users and their security roles using powerplatform_user, the environment has to have Dataverse, where that information is stored and managed.
We don't support this part with powerplatform_user at the moment.

@mawasile mawasile self-assigned this Oct 28, 2024
@mawasile mawasile added enhancement New feature or request go Pull requests that update Go code resource terraform resource guide guidance documentation and examples labels Oct 28, 2024
@mawasile mawasile added this to the Public Preview milestone Oct 28, 2024
@mawasile mawasile changed the title How to assign an environment adminsitrator for non-managed environment ? powerplatform_user support environment without dataverse Oct 28, 2024