We have over 5000 people in our organization. Got maybe 40 different departments that want to use PowerApps to develop something.
1)Is it wise to create 40 different Dev Environments based on Departments and 40 different Production Environments?
2) Is that easy for environment admin to manage?
3)Or what is the best way to set up this structure?
4) each department's app will not be exposed to other departments, but if they do want to share it, are they able to share that app only and not the whole environment?
Each dept maybe got like 2-3 developers.
Hi @Learnfromyou ,
Firstly, I don't think you need to create so many environments.
I suggest you create 2 environments, one for development, one for production.
And then you give diffrent perimission to different deparments.
For example, make admins have permission to all environments ,developers have permission to delevopment environment, common users have permission to production environment.
Secondly, manage envrionment is not so hard.
The most impromant thing is managing security role(permission) and DLP (data loss policy).
DLP is used to prevent information's security.An organization's data must be protected so that it isn't shared with audiences that should not have access to it.
Here are docs about how to manage environment in details for your reference:
Thirdly, if departmentA do not have access to one app, while departmentB have.
DepartmentB could share the app to A and give A access to run or edit.
User could only share app not share environment.
Best Practice for almost any application development is to have 3 environments. If you are developing an application and need people to test it while you make changes, you need a QA environment.
Also, think of an environment like a security container. Is there anything contained within it that you don't want other developers to leverage? Data in the CDS? A connector to SQL that is shared with everyone for read access? If you make a developer a maker in the environment, they can have access to that data if permissions are not setup correctly. Maybe you have different requirements for DLP policies for different groups. Example: Communications wants the ability to use Flow with Twitter and save data to a SharePoint list. If I separate Twitter and Office 365 into business and non-business, they can't. So I need a custom environment just for them and that DLP policy.
I would say do what is best for you, I know I am creating 3 environments for each large department. Creating a default DLP template that I apply to each one, and then make changes as needed. Limiting yourself to just a few environments for an entire organization is like saying, use 2 Site Collections in SharePoint for all sites and just manager permissions at the list/library, folder, subsite level. You will run into problems down the road.
Check it out!
Fill out a quick form to claim your user group badge now!
Find out where you can attend!
Features releasing from October 2019 through March 2020