Risk regarding PCF installation


Hello, 

 

I am just a regular maker and administrator of PowerApps.
As it's possible for every maker to upload a PCF found on the web and use it in their apps, I would like to know if it's safe to let code be "injected" into our app. Is there any risk of leaks?

 

Thx

  • Verified answer
    Diana Birkelbach
    3,072 Most Valuable Professional

    Hi @Anonymous , 

     

    The PCF is written by a developer, and he/she is free to make requests (which will run under your name) and change the DOM content, so there might be a risk. That's why it's good to check the PCFs beforehand. In my opinion you always have this risk if you don't check the imported content, even if a LowCode (CanvasComponent) is imported, not only with the PCFs.

     

    But the PCFs cannot be freely imported into the CanvasApps. First the PCF-Solution (.zip) has to be installed in your organization. For that they need the right "System Customizer", while for making Apps they need "Environment Maker". Maybe you can decide by role who's allowed to import PCFs.

    Maybe this helps: https://docs.microsoft.com/en-us/power-platform/admin/database-security

     

    That's only my opinion. I must say that usually I just write code, and don't care about the governance. Maybe this still helps.

     

    Kind regards,

    Diana

     

  • Community Power Platform Member

    Thank you for your comprehensive answer.

    I will check the roles, but I fear that Environment Maker is assigned by default to all my users.

     

  • Diana Birkelbach
    3,072 Most Valuable Professional

    Hi @Anonymous , 

     

    That would be ok; so they can make Apps.

    I think that if they don't have the SystemCustomizer role, they cannot import the PCFs in your organization, so they cannot use them in the Apps. This way the SystemCustomizers can decide which PCFs are allowed to be used.

     

    Kind regards,

    Diana
