Re: Powerapps Permission/License and not working i...

Li · ‎04-04-2019

Can anyone help me about the following questions...

1. We built a PowerApp and in order to allow everyone else in the organization to use it, we need to turn on their licnese under the business subscription (E3)? Does that mean, once users have licnese, they can also create apps within our company's domain (environment)?

2. The biggest issue we are facing is our internal tech support would like to block normal user access to Azure management portal (https://portal.azure.com) so they followed the article below and applied the conditional access to block the MS Azure Management for normal users. This does the job

https://docs.microsoft.com/en-us/azure/role-based-access-control/conditional-access-azure-management

However, the PowerApps embeded in the SharePoint page are now asking for signing in. The domain user clicks sign in and will get an error. Has anyone met similar issue? Really struggle with this and hard to find out the connection between PowerApps and Azure Management...

v-monli-msft · ‎04-05-2019

Hi @Li ,

1. If you would like the user not be able to create App in the environments, then you may remove the user from the Environment Admin and the Environment Maker, only share the App (set with Can use permission) created in the Environments with the user.

Doing in this way would have those users only be able to use the App shared with them, but have no rights to create new app in the corresponding Environments.

For now, permission configured through the environments have two roles:

Environment Admin, Environment Maker.

Please check the Manage security for your environments part in the following article for more details:

Environments administration in PowerApps

"

The Environment Maker role can create resources within an environment including apps, connections, custom connectors, gateways, and flows using Microsoft Flow. Environment Makers can also distribute the apps they build in an environment to other users in your organization. They can share the app with individual users, security groups, or all users in the organization. For more information, seeShare an app in PowerApps.

"

2. What is the data source of this app? To access data inside the app, users must sign in and their account must have the proper permission on the data source. For more information, please refer to:

https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app-resources

Regards,

Mona

Community Support Team _ Mona Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Li · ‎04-05-2019

Thanks very much for looking into my questions! @v-monli-msft

Regarding 1. I have already followed the links to remove user roles, however, they can still see the Create button from PowerApps portal, I noticed some people mentioned it's something to do with default environment? if that's ture, that means any user can create PowerApps in the default environment

Regarding 2. The app is talking to SharePoint Online lists, all other connections are Azure function (using API key), Outlook. It is still working on the standalone app (mobile/teams etc.) But giving the error from the embeded PowerApps web part on the SharePoint Online web page. I cannot understand why blocking Microsoft Azure Management will also block web access to PowerApps?

Thanks for your time!

ShaneOss · ‎04-17-2019

https://social.msdn.microsoft.com/Forums/en-US/a4d65703-6191-4a52-9df8-e04a417f6fba/conditional-acce...

Powerapps Permission/License and not working in Browser when conditional access rule enabled (block Management Azure Management)

Helpful resources

2022 Release Wave 1 Plan

Community & How To Videos