cancel
Showing results for 
Search instead for 
Did you mean: 

Restrict users from creating PowerApps in default environment

As it has been described in the Environments Overview article, "Whenever a new user signs up for PowerApps, they are automatically added to the Maker role of the default environment". Which gives all the users the authority to create apps in this default environment and the admin literally has no way to restrict users from doing so. Which can be a nightmare in bigger enterprises from governance prespective.

 

Like in all other environments,the admin should have power to grant or restrict users App Maker role in default environment as well.

Status: Declined

Unfortunately maker restrictions in the default environment would/could negatively impact other services which depend on that environment such as integrations with SharePoint Online.

 

Additional comments on this topic were made by Manas at our webinar here:

https://www.youtube.com/watch?v=9Sy_vT5kIts 

 

Thank you for your patience, as we work to entend capabilities and governance across environments.

 

Audrie

Comments
Level: Powered On

I agree!  We have purchased PowerApps Plan 2 licenses and we are able to create environments.  Each environment has 2 Environment Roles:  Environment Admin & Environment Maker.  For the Default environment, the Maker role has Tenant listed which is what is giving everyone ability to publish PowerApps to it.  I assume that if I remove Tenant and add the individuals that I want to publish PowerApps to the default environment that will solve this problem.  However, I can't find any documentation that says this is supported or recommended!

Level: Powered On

 

Did you try doing that ? You cannot do that, it tells you "cannot delete all users in org from Environment Maker role for the default environment".

 

Level: Powered On

I did not try this.  I discussed with a MS Engineer and he adivsed against trying to remove the Tenant group from the default environment.

Level: Powered On

@Dtraynham Try this without any fear Smiley Happy, they wont let you do this. I tried it many time and ended up with an error message.

Level: Powered On

@sayatan - That is good to know.  Hopefully they put that X there so they could enable it at a future date...

Level: Powered On

Alternatively, they should allow on premise data gateway on non default environment as well as allowing to choose which environment a PowerApp modified sharepoint form resides in.

Level: Power Up

Major issue for us... If we can not control who can create PowerApps--especially connections to non-company owned cloud resources, we are disabling both PowerApps and Flow for our 100,000+ user organization. Even the Data Policies don't allow you to really mitigate the risks here.

 

The product has some awesome potential--we just need some controls over specificly which data connections can be used and who can develop/deploy these resources.

 

Level: Power Up

This is critial for enabling PowerApps at my Clients.   This is crippling the best tool Microsoft has created in the past 20 years.    AT LEAST ALLOW ONE TO REMOVE THE GROUP WITH POWERSHELL!   It makes no sense to prevent Companies from controling this.  

Level: Power Up

We're in the same position - we're not going to roll out PowerApps untill we have a way of preventing everyone from creating them everywhere.

Level: Power Up

Same problem but only worse.

I have completed an App which connects to a local DB using the Gateway Connector. When the user (with use only permission for the app) opens powerapps he can:

1. use the app, which is perfect
and

2. CREATE A NEW APP USING THE LOCAL DB CONNECTION I used over the previously shared app.

 

This is a major problem due to the fact that the user could create a new app that DELETES information on the DB.

 

Horrible problem. Hope it finds a solution.