Set up pipeline environments and roles
Pipeline environments
You need to identify which environments you want to participate in pipelines in Microsoft Power Platform:
Development environment(s) - This environment is where you develop solutions. You can run a pipeline from within any development environment that links to it.
Target environment(s) - This environment is the destination environment that a pipeline deploys to, such as integration testing, user assistance testing (UAT), production, and so on.
You also require a host environment. This environment stores and manages all pipeline configuration, security, and run history.
You can set up the host for pipelines in two different ways:
Platform host - Makers configure this default, tenant-wide platform host.
Custom host - Admins configure a custom host to centrally govern projects.
The host environment should be a production environment. The following table shows recommendations for the environments that are involved in a pipeline.
| Environment purpose | Environment type | Managed | Standalone license required |
|---|---|---|---|
| Host | Production | No | No |
| Development | Developer/sandbox | No | No |
| Test | Developer/sandbox | Yes | Yes, if sandbox environment type |
| Production | Production | Yes | Yes |
Important
Licenses that grant premium use rights are required for all managed environments.
Environment limitations
You must make each target environment a Managed Environment.
Developer environments aren't required to be Managed Environments. You can use developer environments for development and testing.
All environments that take part in a pipeline must have a Dataverse data store provisioned.
All environments that are involved in a pipeline should be in the same geographic ___location. If you plan to create pipelines by using the platform host that includes environments that aren't present in this geographical region, you must turn on the Cross-Geo Solution Deployment option in the Deployment Pipeline Configuration app.
Pipeline roles
When you install the Microsoft Power Platform pipelines application in a custom pipelines host, the system adds the following security roles to the host environment:
Deployment Pipeline User - Has privileges to run pipelines that are shared with them.
Deployment Pipeline Administrator - Has full control over all pipeline configuration without needing system administrator security role membership.
Deployment Pipeline Default - Has lightweight pipeline creation permissions.
You can assign these security roles to users in the host environment.
Access the Deployment Pipeline Configuration app from Power Apps
Anyone with the Deployment Pipeline Administrator role can access the Deployment Pipeline Configuration app if they're using a custom host. Additionally, any tenant administrator for the app who's associated with the platform host can access the app.
From the Pipelines page within any solution, you can select the Manage pipelines button in the command bar to go to the configuration app of the pipelines host that is associated with the current environment.
If the current environment is associated with a custom pipelines host, the button links to the Deployment Pipeline Configuration app in the dedicated host environment.
If the current environment is associated with the platform host, the button links to an embedded Deployment Pipeline Configuration app in Microsoft Power Apps.
Assign pipeline roles by using Pipeline Security Teams in the Deployment Pipeline Configuration app
As a Deployment Pipeline Administrator, you can assign out-of-the-box pipeline roles in the Deployment Pipeline Configuration app.
You can select from the following teams:
Deployment Pipeline Administrators - These users have full access to all pipelines and can play the Deployment Pipeline Configuration app.
Deployment Pipeline Makers - These users can create and consume personal pipelines that are managed in the custom host. If a maker needs to use a shared pipeline, we recommend that you assign the user with the Deployment Pipeline Users role so that they can gain access to shared artifacts and shared stage runs.
Deployment Pipeline Users - These users can trigger a pipeline that's shared with them. Deployment Pipeline Users also have read access to all deployment stage runs within the same business unit.
You can add users to these teams to provide access to pipelines.
Next steps
Now, you learned about environments for pipelines in Microsoft Power Platform. Next, you learn how to configure environments for personal pipelines.