cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
DanielAmico
Level: Powered On

How to setup Security Roles in order to revoke access to "create" a Power Apps Canvas Apps

Hello,

I would like to setup a security role in my environment so that the users have access to only run a canvas app shared w/ them but I don't want them to have "create" permissions to build other canvas apps.

Is it possible? I tried different permission combinations (Dynamics Security Roles) but no matter what I try, I can't revoke the "create" canvas app permission.

 

I appreciate any help w/ this.

Many thanks, Daniel

5 REPLIES 5
Dual Super User
Dual Super User

Re: How to setup Security Roles in order to revoke access to "create" a Power Apps Canvas Apps

You can do this on anything except the Default Environment.  Unfortunately, at this point you can't remove people's ability to create PowerApps or Flows in the Default environment without removing their license.  In other environments just make sure they don't have Maker or Adminsitrator security role in the Environment.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
DanielAmico
Level: Powered On

Re: How to setup Security Roles in order to revoke access to "create" a Power Apps Canvas Apps

Hi @Pstork1 , thanks for your help!

 

Indeed if I assign only the standard "Common Data Service user" role to the users (within a environment other than the 'default'), they are not able to save apps within that environment but they still can build an app and save it to the local computer. And while they are building the app, they can still use the connections that were shared with them at the time my original "Run only App" was shared.

 

My main goal w/ this "run only access" to the shared apps is actually to prevent the users from building apps within that environment using for instance a SQL Server connection or a CDS connection granted to them through the sharing of my "original run only app".

 

My complete scenario is:

1. I built an app w/ access to a SQL server table or a CDS entity and I'm implementing Role Level Security within the App itself so the users can't see all the rows within the tables.

 

2. I want to share this app to the users but I don't want them to have access to that shared connections.

However, currently they can do it by creating an app and using the connections within a gallery acessing all the records. Even if they can't save the app within that environment because they have only the "Common Data Service user" role assigned, it's still a security concern.

 

I hope I could explain better the whole point w/ my initial question.

 

Thanks! Daniel

 

 

 

 

Dual Super User
Dual Super User

Re: How to setup Security Roles in order to revoke access to "create" a Power Apps Canvas Apps

I hadn't thougth about CDS.  Normally you just remove all roles from the user in that environment.  They can still run apps that are shared with them via the link that is shared.  But without any permissions they can't even see the environment. But I haven't tried it with other roles like CDS data user.  I suspect there is no way to accomplish what you want in the current model.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
DanielAmico
Level: Powered On

Re: How to setup Security Roles in order to revoke access to "create" a Power Apps Canvas Apps

Yes, @Pstork1 , I tested it and indeed, even w/ only the "CDS user" role, the users can see the environments and, despite than can't save the apps within that environment, they could still create an app and connect to the tables that I don't want.

 

I've also posted this question in the Dynamics Forum. Let's see if someone can provide me w/ a workaround and I'll post it here as well.

 

Thanks, Daniel

Dual Super User
Dual Super User

Re: How to setup Security Roles in order to revoke access to "create" a Power Apps Canvas Apps

In this case, given the way MS has designed this I don't think there is a workaround.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Helpful resources

Announcements
thirdimage

Power Automate Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

sixthImage

Power Platform World Tour

Find out where you can attend!

Power Platform 2019 release wave 2 plan

Power Platform 2019 release wave 2 plan

Features releasing from October 2019 through March 2020

fifthimage

Microsoft Learn

Learn how to build the business apps that you need.

Users Online
Currently online: 300 members 5,442 guests
Please welcome our newest community members: