Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Power Platform Community / Forums / Microsoft Dataverse / Limit dataverse access...
Microsoft Dataverse
Suggested answer

Limit dataverse access across different environments

(2) ShareShare
ReportReport
Posted on by pmesiha 46
Consider the following scenario:
  • A custom Power Platform environment is hosting production data in Dataverse, the Dataverse is secured by custom security roles to allow only specific users to create/edit through a custom Canvas App. Users doesn't have access to create apps/flows within this environment.
  • Users have default "App Maker" access on default environment where users can create apps/flows.
  • with the recent dataverse connector features, now you can connect to a table from a different environment via an App/Flow (Check below).
  • How can i limit users from being able to access the data in the production environment and make edits, the custom Power App include lots of business rules that needs to be followed, and once the user have access to a record, they can manipulate its data via an app in a different environment.

Here is what i looked into so far, but no proper solution:
  • DLP policies
  • Specific permissions to disallow cross environment
  • Converting all Creation/Edits to be run via Power Automate (Running with elevated access) could work, but it is so much work to do.
 
 
Categories:
Microsoft Dataverse
Tables
  • CU18101443-0 Profile Picture
    CU18101443-0 3 on at
    Limit dataverse access across different environments
    Let me rephrase it, please read carefully and do not reply if you don't understand.
     
    Imagine scenario with User 1.
     
    1) User 1 is maker in Default Environment.
    2) User 1 is application user in Production Environment. He has CRUD access to Custom Tables as per his need  assigned via Security Role.
    3) User 1 has NO rights to create Flows / Apps in Production Environment.
    4) User 1 creates a flow in Default Environment that leverages Dataverse Connector to edit rows in Production Environment.

    How can we restrict Apps / Flows accessing other environments than the one they were created in?
  • pmesiha Profile Picture
    pmesiha 46 on at
    Limit dataverse access across different environments
    @FLMike, for some reason some browser weren't showing the details of the question. i adjusted the formatting and now it appears in Chrome/Edge.
     
    What I am trying to solve is disallowing users to build their own apps that connect to data (they have access to) on a different environment, All Dataverse connectors now allows connecting to a table on a different environment, in in my case, users need access to such data , but it needs to be viewed/edited via a Power App which have extra business rules that needs to be maintained.
     
    Please review the scenario above and let me know.
     
    We already using groups to limit access to the env., but this don't solve the problem as users need access to such data. but still have "App Maker" on default environment,
  • FLMike Profile Picture
    FLMike 28,855 on at
    Limit dataverse access across different environments
    Weird that 2 more people post, just to ask the same thing I asked :-)
     
    If you want to limit access to Dataverse, then you need to add a Security Group to the Environment and it will limit access to those added there.
     
    But by default, people have no roles in Dataverse, even if they have a license, so they are restricted from doing anything at all.

    But I was able to snag a screenshot before it poofed.

    The issue is, a person doesnt just "have access", you must grant it, so I am not sure why you built an App that purposely connectors to another environments Dataverse (using what connector??? since the OOB ones wont do that. are you using the HTTPS connector?)

    Anyway I do not really follow what you are asking and why because all you have to do is NOT grand them permission.
    As for access to data, never give users access to a single App that connectors to multiple envioronments.

    So right now I don't know how or why you have an issue, unless yuou are blanketly giving access to everyone to every environment. That's fine if you are, but you still have to give them access to the data or yes, use a Flow to have another account do the work, as long as the user has a DV license, then thats it.


  • Shashank Bhide Profile Picture
    Shashank Bhide 874 on at
    Limit dataverse access across different environments
    your question need more details plz
  • Suggested answer
    ankit_singhal Profile Picture
    ankit_singhal 305 on at
    Limit dataverse access across different environments
    Please explain your issue. Also, each environment have different dataverse database. if you have any permission issue in dataverse the check security roles
     
     
    Note: Please mark verified, if it is helpful for you   
  • Suggested answer
    FLMike Profile Picture
    FLMike 28,855 on at
    Limit dataverse access across different environments
    Hi
     
    I am not sure what you are asking? Dataverse is part of a single environment, not many.
     
    So what are you asking?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

September 2024 Newsletter…

September 2024 Community Newsletter…

Community Update Sept 16…

Power Platform Community Update…

Tuesday Tip #2 Global Search…

Welcome to a brand new series, Tuesday Tips…

more Community News

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 142,008

#2
RandyHayes Profile Picture

RandyHayes 76,308

#3
Pstork1 Profile Picture

Pstork1 63,531

Leaderboard

Featured topics

Product updates

Microsoft Power Platform Community release plans