When an employee leaves an organisation, it's important that other employees can still access the apps that were created and owned by the employee. This post walks through the life cycle of an app, starting from when an employee creates an app to the time that the employee leaves the organisation. We also look at how to change the owner of an app.
What happens to apps after the app owner is deleted?After an administrator deletes Pradeep from the Microsoft organisation, this is what we see when we enter the app sharing settings.
Notice that the remaining users retain access to the app and in the
case of "Co-owners", those users will still be able to edit and share
the app. However, notice that the app is now missing an "Owner".
What can Owners do that Co-owners cannot do?
Now that our app has no owner, what's the practical impact of this? Effectively, a co-owner can do almost everything that the owner could do. However, one thing that a co-owner cannot do is delete an app (the 'delete' menu option is greyed out in the app list). Therefore, there is now no way for any of the assigned users to delete the app, although it's possible for a tenant administrator to carry out this task with Power Shell.
How to change/reset the owner of a canvas app
To set an app owner or to change the owner of an app, we can perform this action with Power Shell. Lee Zuckett (Senior Power Apps program manager at Microsoft) and Steve Jeffery recently published a great article on this topic. I was fortunate to have worked with Lee during my book project, so I would recommend his post, particularly if you want to learn more about resetting the owners of model-driven apps. https://powerapps.microsoft.com/en-us/blog/updating-ownership-for-power-apps-apps/
In terms of our example, to reset the owner of our app, we first need to install the PowerShell Cmdlets for Power Apps. To use the Cmdlets, we require tenant admin access, the environment id, app id, and user id. My post here. describes how to retrieve the environment and app ids:
To reset the app owner, here are the initial Power Shell commands that we need to run.
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
Install-Module -Name Microsoft.PowerApps.PowerShell –AllowClobber
The Set-AdminPowerAppOwner cmdlet resets the owner. Note that '$Global:currentSession.userId' value specifies the user id of the user that's currently running the Power Shell script.
The screenshot beneath highlights the result when this cmdlet succeeds - specifically, the "error" entries will be blank.
If we now return to the app sharing screen, we now see that "Tim Leung" is now the owner of the app.
Can an app have 2 owners?
Is it possible for an app to have 2 owners? The answer is no. If we attempt to assign another owner with the Set-AdminPowerAppOwner cmdlet, it overwrites the existing owner with the new owner.
The important point to note here is that when we call Set-AddPowerAppOwner cmdlet, it resets the existing owner as a "User", rather than a "Co-owner".
As a side note, one way to retrieve the user id of a specified user for use with the Set-AdminPowerAppOwner cmdlet, is to open the user in the Microsoft 365 admin center, and to retrieve the user from the address bar (shown below).
When an employee leaves an organisation, existing users will still be able to access and run the apps that were owned by the employee, and existing co-owners will still be able to edit the apps. Once the employee leaves, a tenant admin can use Power Shell to re-assign a new owner if this is necessary.