cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Sam44
Helper III
Helper III

How to hide Model driven apps

We are using CDS as employee management system and it has Employee entity.

Currently we provide Canvas app for general employees and Model-driven app to Only HR.

2 security roles we have as General and HR.

At General security role, Employee entity, they have Read, Write, Update privileges' but at "Customization" tab, we disabled all Model-driven app privilege's such as Read, Write... means we don't want General employees to access Model driven app.

Share a model-driven app using Power Apps - Power Apps | Microsoft Docs

 

On the other hand, HR security role has privileges' to use Model driven apps.

 

So I want to know why general employee can see Model driven apps though all Model driven app privileges' were disabled.

Thanks for your help!

1 ACCEPTED SOLUTION

Accepted Solutions

Hi @Sam44 ,

 

Yes those out of box roles are a special case, particularly Environment Maker. What you can do is clone an existing role and make changes to the clone as needed. That said, if you want the users to be able to create apps but not see certain apps, then you are best off creating a different environment for those departments to segregate access.

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

View solution in original post

6 REPLIES 6
Mira_Ghaly
Dual Super User II
Dual Super User II

@Sam44 

Can you click on share app and click on your app and check the security roles assigned to your app?

Mira_Ghaly_0-1617190530482.png

 

If this post helps you with your problem, please mark your as Accepted solution.If you like my response, please give it a Thumbs Up.

Blog: here

Thanks for your reply @Mira_Ghaly  !

Yes, as for the HR people, we share model driven app with the way you mentioned and it worked fine. HR people (in other words, people who has HR security role) can use model driven apps.

 

But my problem is (things I want to achieve is) "Hide away Model driven app" from General employees who only shared Canvas app, and has security role Named "General" which disabled read, write, update privileges' with "Customization" tab, model driven app.

Thanks!

Hi @Sam44 ,

 

Do the users have any other security roles assigned such as Environment Maker, System Customizer, or System Administrator? If they do, they will see ALL Model-Driven Apps in the environment.

 

Reference: https://docs.microsoft.com/en-us/powerapps/maker/model-driven-apps/app-visibility-privileges 

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

Hi @ChrisPiasecki 

Oh my... yes, they have Enviroment Maker role as well since we have several enviroments.

And I found in Enviroment Maker role, it grants Read, Write, Update model driven app priviledges and seems it does not allow us to modify....is this a special role or some?

 

Then, is this possible to create custome role to allow user to switch enviroments without using Enviroment Maker role?

Hi @Sam44 ,

 

Yes those out of box roles are a special case, particularly Environment Maker. What you can do is clone an existing role and make changes to the clone as needed. That said, if you want the users to be able to create apps but not see certain apps, then you are best off creating a different environment for those departments to segregate access.

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

It's a special out-of-the-box role that cannot be modified as Chris stated. If your CDS/Dataverse instance is provisioned in the Default environment then there's no way to unassign it as all users by default will be assigned the maker role. You'll need to provision a new environment, deploy your configurations/customizations via an unmanaged solution to that new environment, and then those users will not have that role assigned unless you manually assign it.

Hope this helps!

Helpful resources

Announcements
2022 Release Wave 1 760x460.png

2022 Release Wave 1 Plan

Power Platform release plan for the 2022 release wave 1 describes all new features releasing from April 2022 through September 2022.

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

Users online (1,834)