cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
LeeHarris
Solution Sage
Solution Sage

Is it possible to restrict access to CDS Data Source in a different environment

‎07-18-2019 07:53 AM

Hi All,

I was wondering if it is possible to restrict access to another Environment's CDS if the app being developed is in a different Environment?

For example

User 1 is an Admin and has full rights to create Apps in the Production Environment.

User 2 is an end user and has the Environment Maker role in the Sandbox Environment.

User 2 has Read/Create/Update/Delete access to entities in both Sandbox Environment and Production Environment.

User 2 creates an app in Sandbox Environment and defines a connection to CDS in Production Environment.

User 2 can now affect records in Production Environment from their app.

 

Is it possible for the above to happen, and if so is there a way that it can be prevented? Ideally, User 2 would create their app in the Sandbox Environment against the sandbox CDS. When they are happy with it, they submit it to User 1 (Admin) for deployment to the Production Environment. I know that there is a "Current Environment" option when defining the CDS data source within PowerApps but the option for choosing any environment is still available. To be clear I don't want to restrict the Users access to the entities in Production, just prevent them creating data source connections to it from another Environment.

 


Did I answer your question? Mark my post as a solution!

Proud to be a Flownaut!


Follow me on Twitter at @QG_LeeJHarris

Or on LinkedIn at in/leejharris

Labels:
Message 1 of 3
386 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
v-xida-msft
Community Support
Community Support

‎07-19-2019 01:24 AM

Hi @LeeHarris ,

Do you want to prevent the users from creating a connection to CDS in Production environment within their Sandbox Environment?

Which Security role does the user have to your Production environment?

 

If the users have proper security role of your Production environment, and have appropriate permission to access the CDS in your Production environment, he would be able to create a connection to the CDS in your Production environment from any other different environments under same tenant.

Currently, within PowerApps, there is no way to prevent the users who has enough permission to the CDS in your Production Environment from creating a connection to CDS in Production environment within their Sandbox Environment (Different environment).

 

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 2 of 3
372 Views
2 REPLIES 2
v-xida-msft
Community Support
Community Support

‎07-19-2019 01:24 AM

Hi @LeeHarris ,

Do you want to prevent the users from creating a connection to CDS in Production environment within their Sandbox Environment?

Which Security role does the user have to your Production environment?

 

If the users have proper security role of your Production environment, and have appropriate permission to access the CDS in your Production environment, he would be able to create a connection to the CDS in your Production environment from any other different environments under same tenant.

Currently, within PowerApps, there is no way to prevent the users who has enough permission to the CDS in your Production Environment from creating a connection to CDS in Production environment within their Sandbox Environment (Different environment).

 

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 2 of 3
373 Views
LeeHarris
Solution Sage
Solution Sage
In response to v-xida-msft

‎07-19-2019 01:27 AM

Hi @v-xida-msft 

"Currently, within PowerApps, there is no way to prevent the users who has enough permission to the CDS in your Production Environment from creating a connection to CDS in Production environment within their Sandbox Environment (Different environment)."

This was the confirmation I needed, thank you. I will raise it on the ideas board as it would be useful to be able to allow people access to develop their own applications within a sandbox environment that matches production without running the risk of them affecting any live data.

 


Did I answer your question? Mark my post as a solution!

Proud to be a Flownaut!


Follow me on Twitter at @QG_LeeJHarris

Or on LinkedIn at in/leejharris

Message 3 of 3
370 Views
0 Kudos

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

Power Query PA Forum 768x460.png

Check it out!

Did you know that you can visit the Power Query Forum in Power BI and now Power Apps

V3_PVA CAmpaign Carousel.png

Community Challenge - Giveaways!

Participate in the Power Virtual Agents Community Challenge

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

Carousel April Dunnam Updated 768x460.jpg

Urdu Hindi D365 Bootcamp

Dont miss our very own April Dunnam’s The Developer Guide to the Galaxy! Find out what the Power Platform has to offer for the traditional developer.

View All
Users online (2,379)