cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Advocate IV
Advocate IV

How to setup Security Roles in order to revoke access to "create" a Power Apps Canvas Apps

Hello,

I would like to setup a security role in my environment so that the users have access to only run a canvas app shared w/ them but I don't want them to have "create" permissions to build other canvas apps.

Is it possible? I tried different permission combinations (Dynamics Security Roles) but no matter what I try, I can't revoke the "create" canvas app permission.

 

I appreciate any help w/ this.

Many thanks, Daniel

5 REPLIES 5
Highlighted
Dual Super User III
Dual Super User III

You can do this on anything except the Default Environment.  Unfortunately, at this point you can't remove people's ability to create PowerApps or Flows in the Default environment without removing their license.  In other environments just make sure they don't have Maker or Adminsitrator security role in the Environment.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
Highlighted

Hi @Pstork1 , thanks for your help!

 

Indeed if I assign only the standard "Common Data Service user" role to the users (within a environment other than the 'default'), they are not able to save apps within that environment but they still can build an app and save it to the local computer. And while they are building the app, they can still use the connections that were shared with them at the time my original "Run only App" was shared.

 

My main goal w/ this "run only access" to the shared apps is actually to prevent the users from building apps within that environment using for instance a SQL Server connection or a CDS connection granted to them through the sharing of my "original run only app".

 

My complete scenario is:

1. I built an app w/ access to a SQL server table or a CDS entity and I'm implementing Role Level Security within the App itself so the users can't see all the rows within the tables.

 

2. I want to share this app to the users but I don't want them to have access to that shared connections.

However, currently they can do it by creating an app and using the connections within a gallery acessing all the records. Even if they can't save the app within that environment because they have only the "Common Data Service user" role assigned, it's still a security concern.

 

I hope I could explain better the whole point w/ my initial question.

 

Thanks! Daniel

 

 

 

 

Highlighted

I hadn't thougth about CDS.  Normally you just remove all roles from the user in that environment.  They can still run apps that are shared with them via the link that is shared.  But without any permissions they can't even see the environment. But I haven't tried it with other roles like CDS data user.  I suspect there is no way to accomplish what you want in the current model.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
Highlighted

Yes, @Pstork1 , I tested it and indeed, even w/ only the "CDS user" role, the users can see the environments and, despite than can't save the apps within that environment, they could still create an app and connect to the tables that I don't want.

 

I've also posted this question in the Dynamics Forum. Let's see if someone can provide me w/ a workaround and I'll post it here as well.

 

Thanks, Daniel

Highlighted

In this case, given the way MS has designed this I don't think there is a workaround.



-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Helpful resources

Announcements
Community Conference

Power Platform Community Conference

Check out the on demand sessions that are available now!

News & Announcements

Community Blog

Stay up tp date on the latest blogs and activities in the community News & Announcements.

secondImage

Power Platform 2020 release wave 2 plan

Features releasing from October 2020 through March 2021

Community Highlights

Community Highlights

Check out the Power Platform Community Highlights

Top Kudoed Authors
Users online (7,149)