cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
BillYoung-arm
Helper III
Helper III

Creating a custom production environment

Hi! Can anyone confirm that creating a custom Production environment with all users only having use rights (no Maker rights) is appropriate, and also can you indicate what the process is to achieve this? This would be in addition to Dev & Test environments with limited Maker access.

I'm struggling to get a straight answer to this elsewhere and I can't find answers in the documentation.

Thanks

11 REPLIES 11

Thanks again Sik

It's the "assign them a security role" bit that's a problem.

I ended up recreating the environment without a SG. This populated the "Enabled users" list with all of the users, who are also in one Team. I then added the "minimum security" role to the environment and assigned it to that team, however, this hasn't subsequently assigned any user roles to any of the Enabled Users, which is what I was expecting/hoping for.

 

The only thing that I can think of that I haven't tried is recreating the environment with the "Everyone" security group.

 

Any comments/further suggestions you have would be great. Thanks again!

Bill

 

Hi all!

Following a Christmas break, I'm still trying to pursue an understanding of custom environments

As mentioned previously, I’m trying to create a custom Power Apps Production environment in which all of our staff can view and run apps from, yet they don’t have any maker rights to amend those apps. We additionally will have custom Test and Dev environments to support this.

 

I now believe that I have to create the custom environment without a Security group. It seems SGs can't be nested. Adding "Everyone" didn't work but creating one without an SG, added all tenancy users as "Enabled users" to the environment.

As they were subseqently all also members of the Team and "Business Unit" I thought that this would solve my problem. I then created a “min priv apps use” Role (as shown here: https://docs.microsoft.com/en-us/power-platform/admin/database-security) and assigned both this and the CDS user roles to the Team (I believe that only the first one should necessary).

 

My Dynamics colleagues tell me that this is usual, as the Enabled Users inherit the roles from the Team they are a member of, even though this isn’t apparent on their individual records. However, when tested, I would then expect that all “Enabled Users” are able to see that custom environment listed in their Power Apps studio. This isn’t the case

 

At the moment, I believe that I’ve tried every possible configuration. However, I’m not clear if:

a/ I’m trying to create an inappropriate environment configuration or

b/ I’m doing something wrong in the creation/set up

 

With regard to a/:

Can anyone confirm that this is a common approach and configuration?

If so, could you outline the steps to achieve this?

If you have other comments or suggestions, that would be great also

Thanks again all

Helpful resources

Announcements
Microsoft 365 Conference – December 6-8, 2022

Microsoft 365 Conference – December 6-8, 2022

Join us in Las Vegas to experience community, incredible learning opportunities, and connections that will help grow skills, know-how, and more.

Users online (1,230)