web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Best Practice on setti...
Power Apps
Unanswered

Best Practice on setting up Environments for large organization

(0) ShareShare
ReportReport
Posted on by Community Power Pla...

We have over 5000 people in our organization. Got maybe 40 different departments that want to use PowerApps to develop something. 

1)Is it wise to create 40 different Dev Environments based on Departments and 40 different Production Environments?

2) Is that easy for environment admin to manage?

3)Or what is the best way to set up this structure?

4) each department's app will not be exposed to other departments, but if they do want to share it, are they able to share that app only and not the whole environment?

 

Each dept maybe got like 2-3 developers. 

Categories:
Governance & administering
I have the same question (0)
  • v-yutliu-msft Profile Picture
    v-yutliu-msft on at

    Hi @Anonymous ,

    Firstly, I don't think you need to create so many environments.

    I suggest you create 2 environments, one for development, one for production.

    And then you give diffrent perimission to different deparments.

    For example, make admins have permission to all environments ,developers have permission to delevopment environment, common users have permission to production environment.

     

    Secondly, manage envrionment is not so hard.

    The most impromant thing is managing security role(permission) and DLP (data loss policy).

    DLP is used to prevent information's security.An organization's data must be protected so that it isn't shared with audiences that should not have access to it.

    Here are docs about how to manage environment in details for your reference:

    https://docs.microsoft.com/en-us/power-platform/admin/environments-administration

    https://docs.microsoft.com/en-us/power-platform/admin/database-security

     

    Thirdly, if departmentA do not have access to one app, while departmentB have.

    DepartmentB could share the app to A and give A access to run or edit.

    User could only share app not share environment.

     

     

    Best regards,

  • Community Power Platform Member Profile Picture
    Community Power Pla... on at
    So do I grant the 40 developers environment admins in the dev ? Or they would be environment makers?

    If I grant them environment admins. They are able to modify all other developments apps?

    What permission do I grant common users in production?
  • Hayes3d Profile Picture
    Hayes3d 91 on at

    Best Practice for almost any application development is to have 3 environments. If you are developing an application and need people to test it while you make changes, you need a QA environment.

     

    Also, think of an environment like a security container. Is there anything contained within it that you don't want other developers to leverage? Data in the CDS? A connector to SQL that is shared with everyone for read access? If you make a developer a maker in the environment, they can have access to that data if permissions are not setup correctly. Maybe you have different requirements for DLP policies for different groups. Example: Communications wants the ability to use Flow with Twitter and save data to a SharePoint list. If I separate Twitter and Office 365 into business and non-business, they can't. So I need a custom environment just for them and that DLP policy.

     

    I would say do what is best for you, I know I am creating 3 environments for each large department. Creating a default DLP template that I apply to each one, and then make changes as needed. Limiting yourself to just a few environments for an entire organization is like saying, use 2 Site Collections in SharePoint for all sites and just manager permissions at the list/library, folder, subsite level. You will run into problems down the road.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 711 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 319 Super User 2025 Season 2

#3
Power Platform 1919 Profile Picture

Power Platform 1919 268

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans