Hi there,
When you add the powerapps license to the user it gets automatically access to the default environment.
Now I have made it so that this user has access to the production environment but when the user goes make.powerapps.com the first environment that is active is the default environment.
Is there a way to make sure that the selected environment is always the production environment.
Also this user is not supposed to be able to create applications since this user is a business user and the creation of applications are managed by our IT departement so the only thing the user should be able to do is use our existing application, create records personal views and all the different activities, be able to activate business rules and flows, etc.
How can I make sure that the user is always on the production environment by default instead of having to change environments before you can access the app itself.
Thanks in Advance!
Billy Cottrell
Solved! Go to Solution.
Hi @Billy_C,
Your app users should not have to go to make.powerapps.com to access their app. They can access them from the M365 Apps Page
To prevent them from creating apps or other customizations, ensure the user does not have the System Administrator, System Customizer, Environment Admin or Environment Maker security roles in the environment.
---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.
Hi @Billy_C,
To confirm, are these all model driven apps? For the security role you assigned, can you ensure that under the Customization tab, only Read access is granted for Model-Driven App privilege?
As per documentation:
Users granted Read, Create, and Write to the Model-driven App privilege have access to all apps in the environment, even when they're not part of any role that has access to the app.
---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.
Hi @Billy_C,
Your app users should not have to go to make.powerapps.com to access their app. They can access them from the M365 Apps Page
To prevent them from creating apps or other customizations, ensure the user does not have the System Administrator, System Customizer, Environment Admin or Environment Maker security roles in the environment.
---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.
Hi @ChrisPiasecki,
Well what you are saying is indeed true, I am able to access those apps from M365 Apps Page, but I can see apps that this person shouldn't have access to although I never gave access to these applications in the first place. Problem is that these apps are from the default environment and from other environments that were premade and when checking if this user has access or not to that application then I see that she isn't on the list of users with who the application was shared and therefore she shouldn't have access to it.
Since this is a Default environment she automatically was added as a user of this environment but I don't see that she has any of those roles you specified (or not atleast where I was looking at).
To top that off she doesn't even see the application that she is supposed to see even though I shared the app with her. The only location she can see that shared application is on the make.powerapps.com page.
Is there any way I can still disable those apps for her so she can't see them, and show the other application on that page instead?
Thanks in Advance,
Billy Cottrell
To give you a small update, I managed to remove all apps from the default environment while retaining access to the production environment. Now I have removed all roles from the user in the production environment except basic user and external sales (custom role). How can I make sure that she can only have access for apps where she was added to, because at the moment she has access to 2 other applications where she wasn't added to. Or does this depend on the settings I have given to that role?
Because I want the user to be able to use out-of-the-box (OOB) activities but not the OOB entities, but also use custom entities, the ability to use flows, business process flows, create documents using word templates, be able to create custom views with filters and such, but also be able to export/import from excel files and be able to use business rules.
(I think that's all, not entirely sure though)
So how can I make sure that this role has enough permissions to fully use the application but not be able to see the other 2 applications.
Also I have 5 applications on the M365 Apps Page but they shouldn't be visible to the user as they have been disabled in Powerapps, also the application that should be displayed is not in that list is there a method to add/remove these applications from this home page for that user?
Thanks in Advance,
Billy Cottrell
Hi @Billy_C,
To confirm, are these all model driven apps? For the security role you assigned, can you ensure that under the Customization tab, only Read access is granted for Model-Driven App privilege?
As per documentation:
Users granted Read, Create, and Write to the Model-driven App privilege have access to all apps in the environment, even when they're not part of any role that has access to the app.
---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.
Hi @ChrisPiasecki,
Oh okay, so yes they are all model driven applications and apparently that role had all permissions for the Model driven app privilege. So I changed it to Read only and now it works!
Thank you very much for your help!
Kind regards,
Billy Cottrell
Perfect! Glad I could help.
- Chris
@ChrisPiasecki, so that part is now solved but for some reason these applications are still visible in the M365 Apps Page while the shared application is not visible?
https://i.imgur.com/cODlNHi.png
Normally 1 app should be displayed called IKANDA CRM but for some reason that application is not present?
Or will it just take some time to adjust to these role changes?
Thanks in advance,
Billy Cottrell
Hi @Billy_C,
I'll try to reproduce the issue, but I'll just need a bit more info.
Can you confirm the following?
---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.
Hi @ChrisPiasecki,
Sure no problem:
The user doesn't have access to the apps shown in M365 Apps Page when starting them from there.
The user doesn't see the apps on make.powerapps.com that are displayed on M365 Apps Page.
I tried looking at the Dynamics Platform (just wanted to check it) and at first the same apps where displayed, but then I saw that there was a sync button. After pressing it all apps disappeared from the Dynamics platform except the app I want to see it after waiting a bit it updated the M365 Apps Page aswell and now all is fine.
So apparently if someone sees or is missing Model Driven Apps then you need to synchronize your apps on the Dynamics platform, I think that they should add the same button on the M365 Apps Page, might make things easier and more clear.
Kind regards,
Billy Cottrell
User | Count |
---|---|
12 | |
4 | |
1 | |
1 | |
1 |
User | Count |
---|---|
7 | |
6 | |
4 | |
2 | |
2 |