New command: `pa app permission ensure`

### Usage

m365 pa app permission ensure [options]

### Description

Assigns/updates permissions to a Power Apps app

### Options

Option | Description
-- | --
`--appName <appName>` | The name (GUID) of the Microsoft Power App.
`--roleName <roleName>` | Permission level given to the app. Valid values: `CanEdit`, `CanView`. Sharing with the entire tenant is only supported with `CanView` role.
`--userId [userId]` | The ID of the user. Specify either `userId`, `userName`, `groupId`, `groupName`, or `tenant`.
`--userName [userName]` | User principal name of the user. Specify either `userId`, `userName`, `groupId`, `groupName`, or `tenant`.
`--groupId [groupId]` | The ID of the group. Specify either `userId`, `userName`, `groupId`, `groupName`, or `tenant`.
`--groupName [groupName]` | The name of the group. Specify either `userId`, `userName`, `groupId`, `groupName`, or `tenant`.
`--tenant` | Share the app with the entire tenant. When specifying this, only `CanView` role is supported. Specify either `userId`, `userName`, `groupId`, `groupName`, or `tenant`.
`--asAdmin` | Run the command as admin for apps you don't own.
`-e, --environmentName [environmentName]` | The name of the environment. Specify only a value when running the command as admin.
`--sendInvitationMail` | When set, an invitation mail will be sent.

### Examples

Share a Power App app with another user with run-only permissions

```sh
m365 pa app permission ensure --appName bc9f0a7e-53df-46af-b669-5888bb2f63d0 --userName john.doe@contoso.com --roleName CanView --sendInvitationMail
```

Add co-owner permissions for a security group to a Power Apps app

```sh
m365 pa app permission ensure --appName bc9f0a7e-53df-46af-b669-5888bb2f63d0 --groupName Developers --roleName CanEdit
```

Add permissions as admin to a Power App app that you do not own

```sh
m365 pa app permission ensure --environment Default-e535e809-c6a1-47b5-8951-d0898a64bf8a --appName bc9f0a7e-53df-46af-b669-5888bb2f63d0 --userId 42a28ec6-972f-4fdd-b483-50ee4b237f91 --roleName CanEdit --asAdmin
```

Share a Power Apps app with everyone in the tenant

```sh
m365 pa app permission ensure --appName bc9f0a7e-53df-46af-b669-5888bb2f63d0 --roleName CanView --tenant
```

### Default properties

_No response_

### Additional Info

This is  a suggestion from our Discord community server.

#### Docs

Remarks:

- Only security groups can be used to share apps with

#### API request

##### When app is owned by the user

```http
POST https://api.powerapps.com/providers/Microsoft.PowerApps/apps/<APP ID>/modifyPermissions?api-version=2022-11-01
{
    "put": [
        {
            "properties": {
                "principal": {
                    "id": "42a28ec6-972f-4fdd-b483-50ee4b237f91", // ID of user, group or tenant
                    "type": "User" // Supported values: User, Group, Tenant
                },
                "NotifyShareTargetOption": "Notify", // Supported values: DoNotNotify, Notify
                "roleName": "CanView" // Supported values: CanView, CanEdit
            }
        }
    ]
}
```

##### When running as admin

```http
POST https://api.powerapps.com/providers/Microsoft.PowerApps/scopes/admin/environments/<Environment ID>/apps/<App ID>/modifyPermissions?api-version=2022-11-01
{
    "put": [
        {
            "properties": {
                "principal": {
                    "id": "42a28ec6-972f-4fdd-b483-50ee4b237f91", // ID of user, group or tenant
                    "type": "User" // Supported values: User, Group, Tenant
                },
                "NotifyShareTargetOption": "Notify", // Supported values: DoNotNotify, Notify
                "roleName": "CanView" // Supported values: CanView, CanEdit
            }
        }
    ]
}
```

Option	Description
`--appName <appName>`	The name (GUID) of the Microsoft Power App.
`--roleName <roleName>`	Permission level given to the app. Valid values: `CanEdit`, `CanView`. Sharing with the entire tenant is only supported with `CanView` role.
`--userId [userId]`	The ID of the user. Specify either `userId`, `userName`, `groupId`, `groupName`, or `tenant`.
`--userName [userName]`	User principal name of the user. Specify either `userId`, `userName`, `groupId`, `groupName`, or `tenant`.
`--groupId [groupId]`	The ID of the group. Specify either `userId`, `userName`, `groupId`, `groupName`, or `tenant`.
`--groupName [groupName]`	The name of the group. Specify either `userId`, `userName`, `groupId`, `groupName`, or `tenant`.
`--tenant`	Share the app with the entire tenant. When specifying this, only `CanView` role is supported. Specify either `userId`, `userName`, `groupId`, `groupName`, or `tenant`.
`--asAdmin`	Run the command as admin for apps you don't own.
`-e, --environmentName [environmentName]`	The name of the environment. Specify only a value when running the command as admin.
`--sendInvitationMail`	When set, an invitation mail will be sent.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New command: `pa app permission ensure` #4651

Usage

Description

Options

Examples

Default properties

Additional Info

Docs

API request

When app is owned by the user

When running as admin

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

New command: pa app permission ensure #4651

Description

Usage

Description

Options

Examples

Default properties

Additional Info

Docs

API request

When app is owned by the user

When running as admin

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

New command: `pa app permission ensure` #4651