web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / How to setup Security ...
Power Apps
Unanswered

How to setup Security Roles in order to revoke access to "create" a Power Apps Canvas Apps

(0) ShareShare
ReportReport
Posted on by DanielAmico 12

Hello,

I would like to setup a security role in my environment so that the users have access to only run a canvas app shared w/ them but I don't want them to have "create" permissions to build other canvas apps.

Is it possible? I tried different permission combinations (Dynamics Security Roles) but no matter what I try, I can't revoke the "create" canvas app permission.

 

I appreciate any help w/ this.

Many thanks, Daniel

Categories:
Governance & administering
I have the same question (0)
  • Pstork1 Profile Picture
    Pstork1 69,042 Most Valuable Professional on at

    You can do this on anything except the Default Environment.  Unfortunately, at this point you can't remove people's ability to create PowerApps or Flows in the Default environment without removing their license.  In other environments just make sure they don't have Maker or Adminsitrator security role in the Environment.

  • DanielAmico Profile Picture
    DanielAmico 12 on at

    Hi @Pstork1 , thanks for your help!

     

    Indeed if I assign only the standard "Common Data Service user" role to the users (within a environment other than the 'default'), they are not able to save apps within that environment but they still can build an app and save it to the local computer. And while they are building the app, they can still use the connections that were shared with them at the time my original "Run only App" was shared.

     

    My main goal w/ this "run only access" to the shared apps is actually to prevent the users from building apps within that environment using for instance a SQL Server connection or a CDS connection granted to them through the sharing of my "original run only app".

     

    My complete scenario is:

    1. I built an app w/ access to a SQL server table or a CDS entity and I'm implementing Role Level Security within the App itself so the users can't see all the rows within the tables.

     

    2. I want to share this app to the users but I don't want them to have access to that shared connections.

    However, currently they can do it by creating an app and using the connections within a gallery acessing all the records. Even if they can't save the app within that environment because they have only the "Common Data Service user" role assigned, it's still a security concern.

     

    I hope I could explain better the whole point w/ my initial question.

     

    Thanks! Daniel

     

     

     

     

  • Pstork1 Profile Picture
    Pstork1 69,042 Most Valuable Professional on at

    I hadn't thougth about CDS.  Normally you just remove all roles from the user in that environment.  They can still run apps that are shared with them via the link that is shared.  But without any permissions they can't even see the environment. But I haven't tried it with other roles like CDS data user.  I suspect there is no way to accomplish what you want in the current model.

  • DanielAmico Profile Picture
    DanielAmico 12 on at

    Yes, @Pstork1 , I tested it and indeed, even w/ only the "CDS user" role, the users can see the environments and, despite than can't save the apps within that environment, they could still create an app and connect to the tables that I don't want.

     

    I've also posted this question in the Dynamics Forum. Let's see if someone can provide me w/ a workaround and I'll post it here as well.

     

    Thanks, Daniel

  • Pstork1 Profile Picture
    Pstork1 69,042 Most Valuable Professional on at

    In this case, given the way MS has designed this I don't think there is a workaround.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the February Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 545 Most Valuable Professional

#2
Haque Profile Picture

Haque 314

#3
Kalathiya Profile Picture

Kalathiya 234 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans