Power Platform - Evaluation Viewer Role

🚨 The Signal: A new 'Evaluation Viewer' role in Power Platform enhances separation of duties for QA teams. This read-only role allows reviewing agent evaluations without granting authoring permissions, improving governance and reducing over-privileging.

The Impact

Power Platform administrators and security teams are affected, with a positive impact on security posture by enabling least privilege.

  • Power Platform Admins: Can now assign a least-privilege role for evaluation tasks.
  • Security Teams: Benefits from reduced risk of over-privileged accounts in Power Platform.
  • QA Teams: Gain read-only access to evaluation assets, improving workflow security.

The Action

  1. Review existing Power Platform roles and permissions for QA and validation teams.
  2. Identify users currently over-privileged for evaluation tasks.
  3. Plan to assign the new 'Evaluation Viewer' role to relevant QA and validation personnel post-public preview.
  4. Monitor Power Platform access for adherence to least privilege principles.

Domain: Other · Impact: low · Workload: Other · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898