cancel
Showing results for 
Search instead for 
Did you mean: 

Restrict users from creating PowerApps in default environment

As it has been described in the Environments Overview article, "Whenever a new user signs up for PowerApps, they are automatically added to the Maker role of the default environment". Which gives all the users the authority to create apps in this default environment and the admin literally has no way to restrict users from doing so. Which can be a nightmare in bigger enterprises from governance prespective.

 

Like in all other environments,the admin should have power to grant or restrict users App Maker role in default environment as well.

Status: Declined

Unfortunately maker restrictions in the default environment would/could negatively impact other services which depend on that environment such as integrations with SharePoint Online.

 

Additional comments on this topic were made by Manas at our webinar here:

https://www.youtube.com/watch?v=9Sy_vT5kIts 

 

Thank you for your patience, as we work to entend capabilities and governance across environments.

 

Audrie

Comments
Level: Powered On

This is so very frustrating. I agree with a comment above that this is one of the most exciting products or tools that Microsoft has developed and this restriction absolutely kills our ability to use this product. I urge you to reconsider and develop some clear lines between app creation and consumption.

Level: Powered On

I would have to agree with Microsoft on this. Yes, we have to be proactive in monitoring the environment and the tools to do that...are a bit lacking. So I created my own PowerApp to manage PowerApps, Flows, Environments, etc.

Now people might say, why? Seems like a lot of work to do all of that. Ok, well let's reverse it. Lets block everyone and require them to request access. Ok, so then we need to build a system to request access to make a PowerApp. Seems like a lot of work to allow people to customize a SharePoint list. So then people might say, let's only allow SharePoint list forms to be created! Well when they create a SharePoint List app, they can still connect to any data source...

So instead of trying to block people, I am monitoring. I have over 345 apps created at our organization in 6 months. How many are shared with anyone? 32. How many are shared with more than 10 people? 5. Seems to be a pretty low risk to me so far. I have a flow that sends me an email with all of the new Flows and PowerApps created weekly. I also check Flow runs weekly, found one last week that ran 1.25 million times in 11 days, so I granted myself access and disabled it. Reviewed it, told the user how to fix it. I talked with our Global Security team and we decided that for now, only apps shared with more than 15 users (which we can change that number later on) will we be concerned with at this time. Those apps will require a design document, acceptance of our data usage and security policy, approval from their manager, and finally approval from our team. There will be a full Application LifeCycle Management system in place that our team will build to ensure critical apps are built following best practices, our guidelines, and in a supportable fashion by the developer and IT.

 

Our organization has over 15k+ people, so we are not a small company. PowerApps empowers users to update simple forms in SharePoint with additional custom logic and possibly data from other locations. IT needs to quit being the road-block to the business, instead figure out the best way to empower them. Otherwise rogue IT will occur because your users are disgruntled. They now see us as a bureacracy of red tape that slows everything down.

 

Think outside the box, instead of saying "No", figure out a way to say "Yes".

 

*Gets off soap-box*