cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
emoii
Resolver I
Resolver I

Understand permission between Canvas App and CDS

Hi Guys

 

I have a question to my solution. 

So I have created a Model Driven App, with some custom Entities. One of them is a MS Teams entity, to provision Teams. I have also created a Canvas App based on this CDS, so the Canvas app shows the Teams Entity Fields, and one can submit a request from there. It all works fine for my own user, a System Administrator.

 

What I want to achive is, I have a bunch of users that needs to use this Canvas App, but I do not want to grant them permission to the CDS or the entities. So I created a service account that I connected my Canvas App with my CDS with, and then I load all necessary data into a Collection in the Canvas app. The Collection is then used to display data in some drop-down input fields, the data is mainly user names of employees.

 

But, when I sign into the app with a user that do not have any role in the CDS, my drop-downs are blank. Is it really necessary to give all users at least a Read role for the Entity in the CDS, or is my approach fine, but I am missing some little thing?

 

Thanks in advance

2 ACCEPTED SOLUTIONS

Accepted Solutions
rimatos
Microsoft
Microsoft

Hi @emoii

You should give the users the required permissions to access the data, as collections only store data during the current session you are in. Once you close the app the data that is stored in the collections will be deleted.

 

So in this case to load the data you should grant the users with at least read access to the entities.

 

 

Hope this helps!

 

Regards,

Ricardo

View solution in original post

Thanks

 

Figured out after some documentation from MS, that a CDS connection is not sharable, so I must assign a Security Role to the end user for each entity used. After doing that it worked. 

 

Used following documentation to understand the permissions, sharing and security roles.

https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app
https://docs.microsoft.com/en-us/powerapps/maker/model-driven-apps/share-model-driven-app

View solution in original post

5 REPLIES 5
rimatos
Microsoft
Microsoft

Hi @emoii

You should give the users the required permissions to access the data, as collections only store data during the current session you are in. Once you close the app the data that is stored in the collections will be deleted.

 

So in this case to load the data you should grant the users with at least read access to the entities.

 

 

Hope this helps!

 

Regards,

Ricardo

View solution in original post

Thanks

 

Figured out after some documentation from MS, that a CDS connection is not sharable, so I must assign a Security Role to the end user for each entity used. After doing that it worked. 

 

Used following documentation to understand the permissions, sharing and security roles.

https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app
https://docs.microsoft.com/en-us/powerapps/maker/model-driven-apps/share-model-driven-app

View solution in original post

Thank you for replying back @emoii

 

I'll mark your answer as a solution so other users can verify it when they reach this post.

 

Additionally, if you could provide the documentation where you retrieved this information it could also be useful for future reference 🙂

 

Regards,

Ricardo

Hi @emoii : Glad you were able to resolve this issue. 

 

I have a similar problem and intend to try out your solution but want to make sure of a point before doing so.

 

How were you able to assign security roles to the users of the Power App without them having a CRM license? Also what kind of license do your end users have?

Hi @kolamazing 

 

I was not. Users must have a CRM license or a P2 license to be shown under the Enabled Users in the Admin Center where you can assign Security Roles. Only users that are Application users, and used as some kind og service users I was able to assign Security Roles without them having a CRM license.

 

I figured out for a user to be able to see the CDS environment, they had to have a license, CRM or P2.

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

MBAS Attendee Badge

Claim Your Badge & Digital Swag!

Check out how to claim yours today!

secondImage

Demo Extravaganza is Back!

We are excited to announce that Demo Extravaganza for 2021 has started!

MBAS on Demand

Microsoft Business Applications Summit sessions

On-demand access to all the great content presented by the product teams and community members! #MSBizAppsSummit #CommunityRocks

Power Apps June 2021

June Power Apps Community Call

Don't miss the call this month on June 16th - 8a PDT

Top Solution Authors
Top Kudoed Authors
Users online (10,595)