web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
🚀 Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Restricting users from...
Power Apps
Answered

Restricting users from creating powerapps

(1) ShareShare
ReportReport
Posted on by Community Power Pla... Microsoft Employee

Right now we globally allow all users access to all applications. What I want is to restrict users from creating Flows and PowerApps, but still allow them to use those features.  Examples:  If I publish a PowerApp and share it with all users, I want them to be able to use the published app.  With Flows, this is where the new approval process is built, so a user needs to access their Approvals but not allowed anything else. 

 

What is possible with this and what is not? 

Categories:
Building Power Apps
I have the same question (0)
  • Sienna Profile Picture
    Sienna 1,532 on at

    Good question. I also wanted to ask this

  • Verified answer
    v-monli-msft Profile Picture
    v-monli-msft Microsoft Employee on at

    Hi @Anonymous,

     

    If you would like the user not be able to create App in the environments, then you may remove the user from the Environment Admin and the Environment Maker, only share the App (set with Can use permission) created in the Environments with the user.

    Doing in this way would have those users only be able to use the App shared with them, but have no rights to create new app in the corresponding Environments.

     

    For now, permission configured through the environments have two roles:

    Environment Admin, Environment Maker.

    Please check the Manage security for your environments part in the following article for more details:

    Environments administration in PowerApps

    "

    The Environment Maker role can create resources within an environment including apps, connections, custom connectors, gateways, and flows using Microsoft Flow. Environment Makers can also distribute the apps they build in an environment to other users in your organization. They can share the app with individual users, security groups, or all users in the organization. For more information, seeShare an app in PowerApps.

    "

     

    If your company wishes to restrict the use of organizational-only data inside of Microsoft Flow, that is possible through Data loss prevention (DLP) policies.

    Data loss prevention (DLP) policies

    https://docs.microsoft.com/en-us/flow/prevent-data-loss

     

    Any individual can try out the paid features of Microsoft Flow for 90 days, and incur no costs. However, you can fully manage the assignment of the perpetual paid licenses inside of your organization through the Office 365 admin portal.

     

    For your reference:

    https://docs.microsoft.com/en-us/flow/organization-q-and-a

     

    Regards,

    Mona

     

  • geraint Profile Picture
    geraint 58 on at

    This doesn't work for the Default environment though. Which is the one that gets used to customize SharePoint list forms.

     

    Do you have a timeline for resolving this? 

  • rorybi Profile Picture
    rorybi 69 on at

    I agree.  Restricting it for environments people don't have access to in the first place isn't really a restriction.  This needs to be sorted fast or enterprises won't be able to use PowerApps

  • Community Power Platform Member Profile Picture
    Community Power Pla... Microsoft Employee on at

    This is really a useless design from an enterprise perspective of course we need to have the possibility let the users use apps without providing the ability to create the apps, microsoft should introduce this feature ASAP

  • SimonP Profile Picture
    SimonP 44 on at

    This is not a solution. PowerApps still does not allow the 'all users' group to be removed from the makers role in the default environment, meaning users will always be able to create apps.

    For organisations such as mine that want to manage all their apps then this is a showstopper. It means that despite the huge potential benefits of PowerApps we cannot use it!

     

    Maybe Microsoft believe that this access policy promotes viral uptake of their product? But in some cases it's counter productive and prevents uptake, particularly from larger and more regulated organisations. Give us control of our environments please Microsoft.

  • Community Power Platform Member Profile Picture
    Community Power Pla... Microsoft Employee on at

    Can this be UNmarked as "Solved". This is preventing our enterprise from rolling out PowerApps.

  • AshMSport Profile Picture
    AshMSport 36 on at

    We are using PowerApps for O365 license which comes with the default environment and does not give the option to manage security for environments. Is there any way to give users 'Can use' permission?

    PowerAppsAdmin.JPG
  • geraint Profile Picture
    geraint 58 on at

    The last time I checked, anyone with a PowerApps licence had 'Maker' access to the default environment, which cannot be changed, as it seems to be by design. Which means that anyone in an O365 / Teams Members group will be able to customise Sharepoint list forms, except where you've broken inheritance on those lists and libraries and dropped the Groups permission down to contribute. If you're not comfortable with this, then I believe you can either remove people's licences (although they may still be able to sign-up for a trial unless you run certain powershell scripts) or start familiarising yourself with the PowerApps and Flow audit events that have just become available in the O365 Security & Compliance cnetre.

    Based on the screenshot you just sent though, I would strongly suggest you setup a DLP policy to separate your business data from non-business. There should be a link earlier in the thread to explain this.

  • Community Power Platform Member Profile Picture
    Community Power Pla... Microsoft Employee on at
    This doesn't work for the default environment. So you cannot keep users from creating PowerApps.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
🚀 Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Valantis Profile Picture

Valantis 474

#1
Valantis Profile Picture

Valantis 474

#3
WarrenBelz Profile Picture

WarrenBelz 375 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans