cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
emoii
Resolver I
Resolver I

Understand permission between Canvas App and CDS

Hi Guys

 

I have a question to my solution. 

So I have created a Model Driven App, with some custom Entities. One of them is a MS Teams entity, to provision Teams. I have also created a Canvas App based on this CDS, so the Canvas app shows the Teams Entity Fields, and one can submit a request from there. It all works fine for my own user, a System Administrator.

 

What I want to achive is, I have a bunch of users that needs to use this Canvas App, but I do not want to grant them permission to the CDS or the entities. So I created a service account that I connected my Canvas App with my CDS with, and then I load all necessary data into a Collection in the Canvas app. The Collection is then used to display data in some drop-down input fields, the data is mainly user names of employees.

 

But, when I sign into the app with a user that do not have any role in the CDS, my drop-downs are blank. Is it really necessary to give all users at least a Read role for the Entity in the CDS, or is my approach fine, but I am missing some little thing?

 

Thanks in advance

2 ACCEPTED SOLUTIONS

Accepted Solutions
rimatos
Microsoft
Microsoft

Hi @emoii

You should give the users the required permissions to access the data, as collections only store data during the current session you are in. Once you close the app the data that is stored in the collections will be deleted.

 

So in this case to load the data you should grant the users with at least read access to the entities.

 

 

Hope this helps!

 

Regards,

Ricardo

View solution in original post

Thanks

 

Figured out after some documentation from MS, that a CDS connection is not sharable, so I must assign a Security Role to the end user for each entity used. After doing that it worked. 

 

Used following documentation to understand the permissions, sharing and security roles.

https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app
https://docs.microsoft.com/en-us/powerapps/maker/model-driven-apps/share-model-driven-app

View solution in original post

5 REPLIES 5
rimatos
Microsoft
Microsoft

Hi @emoii

You should give the users the required permissions to access the data, as collections only store data during the current session you are in. Once you close the app the data that is stored in the collections will be deleted.

 

So in this case to load the data you should grant the users with at least read access to the entities.

 

 

Hope this helps!

 

Regards,

Ricardo

View solution in original post

Thanks

 

Figured out after some documentation from MS, that a CDS connection is not sharable, so I must assign a Security Role to the end user for each entity used. After doing that it worked. 

 

Used following documentation to understand the permissions, sharing and security roles.

https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app
https://docs.microsoft.com/en-us/powerapps/maker/model-driven-apps/share-model-driven-app

View solution in original post

Thank you for replying back @emoii

 

I'll mark your answer as a solution so other users can verify it when they reach this post.

 

Additionally, if you could provide the documentation where you retrieved this information it could also be useful for future reference 🙂

 

Regards,

Ricardo

Hi @emoii : Glad you were able to resolve this issue. 

 

I have a similar problem and intend to try out your solution but want to make sure of a point before doing so.

 

How were you able to assign security roles to the users of the Power App without them having a CRM license? Also what kind of license do your end users have?

Hi @kolamazing 

 

I was not. Users must have a CRM license or a P2 license to be shown under the Enabled Users in the Admin Center where you can assign Security Roles. Only users that are Application users, and used as some kind og service users I was able to assign Security Roles without them having a CRM license.

 

I figured out for a user to be able to see the CDS environment, they had to have a license, CRM or P2.

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

Power Query PA Forum 768x460.png

Check it out!

Did you know that you can visit the Power Query Forum in Power BI and now Power Apps

V3_PVA CAmpaign Carousel.png

Community Challenge - Giveaways!

Participate in the Power Virtual Agents Community Challenge

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

Top Solution Authors
Top Kudoed Authors
Users online (2,527)