web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Power Platform user ro...
Power Apps
Unanswered

Power Platform user roles - Change resonates to all environments?

(0) ShareShare
ReportReport
Posted on by VilPel 287

Hello all,

 

I have a Power Platform architecture where I'm developing a canvas app in environment DEV, and pushing a managed solution package to environment PROD every once in a while. My problem/question is with the user roles as I'm using Dataverse as my data source and I need to ensure row-level security in the PROD environment as the content in there is very confidential. 

 

Let's say Developer A develops the canvas app solution and database in environment DEV so they need the "System administrator" user role. I don't want Developer A to have "System administrator" user role in environment PROD as the admin user role has full access to Dataverse tables in the environment.

 

For some reason I have seen behavior where assigning admin role in the DEV environment also resonates to the PROD environment even though the PROD environment user roles weren't touched in the PROD environment. 

 

Is it supposed to work like that? Is there any way I could control the user roles so that they don't resonate between environments?

 

Thanks in advance,

 

Ville

 

 

Categories:
Governance & administering
I have the same question (0)
  • Devikumari Krishna Profile Picture
    Devikumari Krishna 988 Super User 2024 Season 1 on at

    Hi @VilPel ,

    The user role from one environment may not get resonated to another environment as part of solution movement.

     

    Please login as admin into https://admin.powerplatform.microsoft.com

    Click on Environment

    Choose the prod environment

    Navigate to Settings->Users+Permissions->Users.

    Select the user.

     

    or

    Login to https://make.powerapps.com/

    Choose the environment. Navigate to Settings->Advanced Settings

    Navigate to Security->Users->Choose the User ->Manage Roles

     

    Remove security role that grants the specific user full access on records.

    DeviKrishna_0-1645001141519.png

     

    -------------------------------------------------------------------------
    If I have answered your question, please mark your post as Solved.
    If you like my response, please give it a Thumbs Up.

    My Blog: Dynamics 365 Key Topics – https://d365topicsbydk.com/

    My YouTube Channel : https://www.youtube.com/channel/UCxSIryP2ah2VpEFr-Z72t1A

     

    Regards
    Devi

     

     

  • VilPel Profile Picture
    VilPel 287 on at

    Hi,

     

    Thank you for the quick response. So you are saying that the solution movement is NOT the cause for this issue? Do you have an idea what could it be then? Something to do with Office 365 user roles?

     

    Ville

  • Devikumari Krishna Profile Picture
    Devikumari Krishna 988 Super User 2024 Season 1 on at

    Hi @VilPel ,

     

    Yes. Definitely not solution movement. Follow my steps below and check the security role once. If System admin access is there - remove that access in prod environment for the user.

     

    -------------------------------------------------------------------------
    If I have answered your question, please mark your post as Solved.
    If you like my response, please give it a Thumbs Up.

    My Blog: Dynamics 365 Key Topics – https://d365topicsbydk.com/


    My YouTube Channel : https://www.youtube.com/channel/UCxSIryP2ah2VpEFr-Z72t1A

     

    Regards
    Devi

  • VilPel Profile Picture
    VilPel 287 on at

    Hi,

     

    Yes, I know how to remove the admin role in the PROD environment. But the problem is I have to do it pretty often as the roles seem to resonate to the PROD environment for some reason. 

     

    I just did a test 30 minutes ago where I unassigned all system admin roles from the PROD environment but after a while the system admin role was assigned automatically to one of the developers in the PROD environment. I asked what actions did he do in the DEV environment during that period and he said he only create a new canvas app in the DEV environment and extended his Power Apps trial.

     

    Could it also be that the developer's user has the following admin roles in Office 365?

    powerplatform.png

     

    Ville

  • Devikumari Krishna Profile Picture
    Devikumari Krishna 988 Super User 2024 Season 1 on at

    Hi @VilPel ,


    At tenant level the developer has power platform admin access(full access on Dynamics 365 , power automate and Powerapps).Remove this access.

    I suggest you create a security group and assign it to Prod environment. Only members who belong to that group can access P system. Assign the developer ID which is required to do deployments to the same group. Developer ID can have only system admin and environment admin access enabled for him in Prod environment.

    -------------------------------------------------------------------------
    If I have answered your question, please mark your post as Solved.
    If you like my response, please give it a Thumbs Up.

    My Blog: Dynamics 365 Key Topics – https://d365topicsbydk.com/


    My Youtube Channel : https://www.youtube.com/channel/UCxSIryP2ah2VpEFr-Z72t1A

     

    Regards
    Devi

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 717 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 329 Super User 2025 Season 2

#3
Power Platform 1919 Profile Picture

Power Platform 1919 268

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans