Mona answered, but I looks like it is not really sure. I would like to go a bit deeper in this topic.
For instance, let's say we have a sandbox in Dynamics 365 at mycompany-sandbox.crm4.dynamics.com ; I have an admin account named firstname.lastname@example.org which all user permissions, and a basic sales rep which only has access to 10 % of the records, named email@example.com. The security model has been set in the CRM, and that is why the sales rep only has access to 10 % of the records.
I built an app in PowerApps called "Mycompany Contacts", which is just a 3-screen app to display, edit, delete and create contacts.
- If I login to the app with firstname.lastname@example.org ; I will have access to all the records of the CRM. Fine.
- If I login with email@example.com ; I am supposed to see only 10 % of the contacts, so that I cannot see what I am supposed to see.
Will PowerApps follow the CRM security model, or do I have to do some kind of filtering in a gallery in PowerApps ?
@Lisabel0 Thank you very much for your answer. I tried to share the app to a user that does not have access to the Dynamics 365 sandbox, and it does not display any record in the app, which is a good indicator.
Now, I would like to go deeper, and see if all the details of the Dynamics 365 security model are followed. Let's try!
@Lisabel0 Okay, I have been testing this and I confirm, PowerApps follows the Dynamics CRM security model.
Consequently, in a gallery of contacts in PowerApps of instance, the user will only see the contacts that can be seen by him in Dynamics, according to its security model. However, in the edit page of a contact that the user should not be able to modify, it seems like the edit button will still be visible and clickable. If the user does a modificatio on the contact, there will be a red error message at the top of the screen when validating, and the contact will not be modifier.
Is there any way to hide the edit button, according to the rights of the user ? Maybe I will create another topic for this question.