cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Billy_C
Helper V
Helper V

Can you change the standard selected environment

Hi there,

 

When you add the powerapps license to the user it gets automatically access to the default environment.

Now I have made it so that this user has access to the production environment but when the user goes make.powerapps.com the first environment that is active is the default environment.

Is there a way to make sure that the selected environment is always the production environment.

Also this user is not supposed to be able to create applications since this user is a business user and the creation of applications are managed by our IT departement so the only thing the user should be able to do is use our existing application, create records personal views and all the different activities, be able to activate business rules and flows, etc.

 

How can I make sure that the user is always on the production environment by default instead of having to change environments before you can access the app itself.

 

Thanks in Advance!

 

Billy Cottrell

2 ACCEPTED SOLUTIONS

Accepted Solutions
ChrisPiasecki
Super User
Super User

Hi @Billy_C,

 

Your app users should not have to go to make.powerapps.com to access their app. They can access them from the M365 Apps Page

 

To prevent them from creating apps or other customizations, ensure the user does not have the System Administrator, System Customizer, Environment Admin or Environment Maker security roles in the environment.

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

View solution in original post

Hi @Billy_C,

 

To confirm, are these all model driven apps? For the security role you assigned, can you ensure that under the Customization tab, only Read access is granted for Model-Driven App privilege?

 

As per documentation:

Users granted Read, Create, and Write to the Model-driven App privilege have access to all apps in the environment, even when they're not part of any role that has access to the app.

 

https://docs.microsoft.com/en-us/powerapps/maker/model-driven-apps/share-model-driven-app#assign-sec...

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

View solution in original post

10 REPLIES 10
ChrisPiasecki
Super User
Super User

Hi @Billy_C,

 

Your app users should not have to go to make.powerapps.com to access their app. They can access them from the M365 Apps Page

 

To prevent them from creating apps or other customizations, ensure the user does not have the System Administrator, System Customizer, Environment Admin or Environment Maker security roles in the environment.

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

View solution in original post

Billy_C
Helper V
Helper V

Hi @ChrisPiasecki,

 

Well what you are saying is indeed true, I am able to access those apps from M365 Apps Page, but I can see apps that this person shouldn't have access to although I never gave access to these applications in the first place. Problem is that these apps are from the default environment and from other environments that were premade and when checking if this user has access or not to that application then I see that she isn't on the list of users with who the application was shared and therefore she shouldn't have access to it.

Since this is a Default environment she automatically was added as a user of this environment but I don't see that she has any of those roles you specified (or not atleast where I was looking at).

 

To top that off she doesn't even see the application that she is supposed to see even though I shared the app with her. The only location she can see that shared application is on the make.powerapps.com page.

 

Is there any way I can still disable those apps for her so she can't see them, and show the other application on that page instead?

 

Thanks in Advance,

 

Billy Cottrell

Billy_C
Helper V
Helper V

To give you a small update, I managed to remove all apps from the default environment while retaining access to the production environment. Now I have removed all roles from the user in the production environment except basic user and external sales (custom role). How can I make sure that she can only have access for apps where she was added to, because at the moment she has access to 2 other applications where she wasn't added to. Or does this depend on the settings I have given to that role?

 

Because I want the user to be able to use out-of-the-box (OOB) activities but not the OOB entities, but also use custom entities, the ability to use flows, business process flows, create documents using word templates, be able to create custom views with filters and such, but also be able to export/import from excel files and be able to use business rules.

(I think that's all, not entirely sure though)

 

So how can I make sure that this role has enough permissions to fully use the application but not be able to see the other 2 applications.

 

Also I have 5 applications on the M365 Apps Page but they shouldn't be visible to the user as they have been disabled in Powerapps, also the application that should be displayed is not in that list is there a method to add/remove these applications from this home page for that user?

 

Thanks in Advance,

 

Billy Cottrell

Hi @Billy_C,

 

To confirm, are these all model driven apps? For the security role you assigned, can you ensure that under the Customization tab, only Read access is granted for Model-Driven App privilege?

 

As per documentation:

Users granted Read, Create, and Write to the Model-driven App privilege have access to all apps in the environment, even when they're not part of any role that has access to the app.

 

https://docs.microsoft.com/en-us/powerapps/maker/model-driven-apps/share-model-driven-app#assign-sec...

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

View solution in original post

Billy_C
Helper V
Helper V

Hi @ChrisPiasecki,

 

Oh okay, so yes they are all model driven applications and apparently that role had all permissions for the Model driven app privilege. So I changed it to Read only and now it works!

Thank you very much for your help!

 

Kind regards,

 

Billy Cottrell

Perfect! Glad I could help.

 

- Chris

Billy_C
Helper V
Helper V

@ChrisPiasecki, so that part is now solved but for some reason these applications are still visible in the M365 Apps Page while the shared application is not visible?

https://i.imgur.com/cODlNHi.png 

Normally 1 app should be displayed called IKANDA CRM but for some reason that application is not present?

Or will it just take some time to adjust to these role changes?

 

Thanks in advance,

 

Billy Cottrell

Hi @Billy_C,

 

I'll try to reproduce the issue, but I'll just need a bit more info.

Can you confirm the following?

  • The apps are in a production environment with a Dataverse database
  • The environment has a security group applied or no?
  • If yes to above, is your user in the same security group? 
  • The model driven app has a security role applied
  • The user has the same security role associated with the model driven app
  • The security role has just read Model driven app privileges

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

Billy_C
Helper V
Helper V

Hi @ChrisPiasecki,

 

Sure no problem:

  • The apps being displayed in the M365 Apps Page are in default and production environment, the app that should be displayed is in production environment both environments have a Dataverse database
  • The default environment has no Security group, but production has a security group
  • The user is in the same security group as the production environment
  • The model driven app I want to be shown has a security role applied
  • The user has the same security role
  • the security has only read permission for the Model driven app privileges

The user doesn't have access to the apps shown in M365 Apps Page when starting them from there.

The user doesn't see the apps on make.powerapps.com that are displayed on M365 Apps Page.

 

I tried looking at the Dynamics Platform (just wanted to check it) and at first the same apps where displayed, but then I saw that there was a sync button. After pressing it all apps disappeared from the Dynamics platform except the app I want to see it after waiting a bit it updated the M365 Apps Page aswell and now all is fine.

So apparently if someone sees or is missing Model Driven Apps then you need to synchronize your apps on the Dynamics platform, I think that they should add the same button on the M365 Apps Page, might make things easier and more clear.

 

Kind regards,

 

Billy Cottrell

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Users online (2,427)