Sharing Canvas app in an Environment secured by a AAD Security Group
We are securing environment access using Environment SG. When we share a Canvas app that has no CDS connection, We are able to share it with users outside the Environment SG. Is this an expected behavior? Shouldn't it be restricted to users in the Environment SG?
Security group control access to environments, meaning ability to build things, and consumme data stored (all ot this tied to security roles of course). But apps can always be shared with anyone in the tenant.
It's very similar to what you have in Sharepoint : even if a limited set of users access the site ( = powerapps env), you can still decide to share some specific files (= apps here) with any other user.