web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Licencing Guest Users ...
Power Apps
Unanswered

Licencing Guest Users for Dataverse/Model Driven App

(1) ShareShare
ReportReport
Posted on by pp365 439
Hi all,
 
I've had a look around and have seen similar questions to the below but mostly regarding SharePoint as a data source whereas this will be Dataverse. Also, the vast majority of the posts are not marked as Solved, so I'm hoping someone can advise.
 
Scenario:

A model driven app, with Dataverse hosted data.
User A with credentials within the host tenant: standard: Power Apps Premium licence.
User B without host tenant credentials, but with a Microsoft account as an employee at an institution with a Microsoft tenancy.

Question:

Can the model driven app (and the underlying data) be shared with user B?

Proposed solution:

As proposed in Matthew Devaney’s blog article (albeit that references SharePoint as the data source);
  1. Add the Guest User to the host tenant, within an Entra group (“Group B”).
  2. Licence any member of Group B to inherit a Power Apps Premium Licence.
  3. Assign the appropriate security roles and share the model driven App with Group B.
Does this work, or is another approach required (and if so please could you share details)?
 
Many thanks for your help!
Categories:
Building Power Apps
I have the same question (0)
  • pp365 Profile Picture
    pp365 439 on at
    (Moving to the correct forum area)
  • pp365 Profile Picture
    pp365 439 on at
    Can anyone assist with this? It must be a fairly standard use case so I am hoping there are some experts out there who have encountered this before. Many thanks in advance for your help.
  • AndrewR1 Profile Picture
    AndrewR1 1,572 Moderator on at
    Your proposed solution is mostly on the right track, but there are some important nuances when sharing a Model-Driven App with external users (Guest Users) in Dataverse. Here's a breakdown of what works and what might need adjustment.

    1. Guest User Access to Dataverse

    • Guest users in Microsoft Entra ID (formerly Azure AD) can be granted access to Power Apps and Dataverse, but Dataverse permissions for external users are limited.
    • Unlike SharePoint, Dataverse does not natively support guest access without additional configuration.

    2. Power Apps Licensing for Guests

    • Each guest user must have a Power Apps Premium license (either assigned in the host tenant or via their home tenant with a per-app/per-user plan).
    • Simply assigning a license to an Entra group does not automatically grant guest users a license in Dataverse. The Power Apps per-app/per-user license must be explicitly assigned.

    3. Security & Sharing the Model-Driven App

    • Adding the guest user to an Entra group ("Group B") is good practice for security role management.
    • Ensure that the guest user has appropriate security roles in Dataverse (at least Read access to the necessary tables).
    • Guest users might face issues with Model-Driven Apps because their security roles don’t always apply correctly. You might need to assign permissions directly instead of relying solely on the Entra group.

    4. Recommended Approach

    1. Invite User B as a Guest to the Host Tenant using Microsoft Entra ID.
    2. Assign Power Apps Premium licensing to the guest user in one of these ways:
      • A per-user Power Apps license assigned to them directly.
      • A per-app Power Apps license covering the specific Model-Driven App.
    3. Assign Dataverse Security Roles:
      • Ensure they have appropriate security roles (custom role if needed) that grant table access.
      • Test access with minimal privileges first to avoid excessive permissions.
    4. Share the Model-Driven App with Group B.
    5. Have User B log in using their guest credentials at make.powerapps.com and test their access.

    Alternative Option: Power Pages

    • If the goal is external user access, consider Power Pages instead of a Model-Driven App. Power Pages is designed for external users without requiring full Dataverse access.

    Final Answer

    ✅ Yes, a guest user can access the Model-Driven App with Dataverse, but:

    • Licensing must be explicitly assigned.
    • Security roles in Dataverse need careful configuration.
    • Model-Driven Apps are not as guest-friendly as SharePoint-based apps.
    • Consider Power Pages if external access is a frequent requirement.
  • pp365 Profile Picture
    pp365 439 on at
     
    Hi @AndrewR1 ,
     
    Thank you very much for this very comprehensive response (even if it's not a straightforward 'Yes, that will work' :) !) .
     
     
    • Simply assigning a license to an Entra group does not automatically grant guest users a license in Dataverse. The Power Apps per-app/per-user license must be explicitly assigned.
     
    We are already working with using Entra groups to assign Power Apps licences to internal users and this works fine. Is there a reason this does not work in the same way when working with guest users? Perhaps it would be optimum to get their host tenant to assign a Power Apps Premium licence at source which would then carry over?
     
    • Guest users might face issues with Model-Driven Apps because their security roles don’t always apply correctly. You might need to assign permissions directly instead of relying solely on the Entra group.
     
    This sounds like a complete mess! We would never normally assign security roles directly to a user. Are there guidelines about when this problem occurs, anything that can be done to avoid it, any way of checking in advance that it hasn't occurred (IE before a guest user attempts to use the Model Driven App)?
     
    • If the goal is external user access, consider Power Pages instead of a Model-Driven App. Power Pages is designed for external users without requiring full Dataverse access.
     
    Thanks for this steer. We've not had a use case for Power Pages yet and like everything in the Power Platform, the licencing model and complexities is yet another massive task to undertake to understand/resolve. But, I'll definitely keep it in mind.
     

    Alternatively... get host tenant credentials?

     
    I'm wondering if another approach would be to get "User B" an account within the host tenant. That way they would have the appropriate credentials, not be guests, and we could work with them just like any other user in the same tenant. I will have to ask our tenant admins if this is permitted at our organisation. I'm assuming the main disadvantage with this would be security and compliance (IE they would possibly have access to other unrelated 'org wide' resources) but if there's anything else you're aware of, please let me know.
     
    Many thanks again for your time and help!
  • pp365 Profile Picture
    pp365 439 on at
    I received an email to say my question had a verified answer... but I didn't mark any response to this thread as an answer as I consider the questions pending. Very strange. I will see if I can contact an admin to have the thread 'unanswered'.
     
    Would welcome any comments on the pending questions @AndrewR1 and anyone else reading!

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 739 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 343 Super User 2025 Season 2

#3
Power Platform 1919 Profile Picture

Power Platform 1919 268

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans