Base scenario, you have a Power Platform Environment that have security setting assigned to a Teams Group.

What we need to achieve is that whenever a new user is added to the Team as a member, the user will be synchronized to the Environment with a set of security roles.

Normally the syncing of user to an Environment is automatic but it might take some time and no security role is given. The Environment owner usually have to manually add the user to the environment and assigned the security roles needed.

The flow is not complicated but it depends on your requirements, the basic flow is built with the following steps:

1. Trigger when a new team member is added to the Teams
2. Force Sync user to the “Environment”
3. Now get the user in Dataverse, remember that the UserGUID in Dataverse is not the same as the UserGUID in Entra ID
4. Get the Id of the security role that you want to assign to the user
5. Connect the user with the security role by relate the two values above with “Security Role – systemuserroles_association”,

I’m using the following expression to avoid looping in Power Automate:

first(outputs('List_rows_-_get_user_in_dataverse')?['body/value'])['systemuserid']

first(outputs('List_rows_-_get_security_role')?['body/value'])['@odata.id']