Announcements
We are securing environment access using Environment SG. When we share a Canvas app that has no CDS connection, We are able to share it with users outside the Environment SG. Is this an expected behavior? Shouldn't it be restricted to users in the Environment SG?
Can you check might be user added in your environment as disable user?
If you apply security group during Environment creation then other user will not added. But if you create Environment without security group this will add all the tenant user in the environment
Later if you apply security group after the environment creation so all the users be will disabled those are not part of the security group.
You are mixing 2 different things here.
Security group control access to environments, meaning ability to build things, and consumme data stored (all ot this tied to security roles of course). But apps can always be shared with anyone in the tenant.
It's very similar to what you have in Sharepoint : even if a limited set of users access the site ( = powerapps env), you can still decide to share some specific files (= apps here) with any other user.
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
Congratulations to our 2026 Super Users!
Congratulations to our 2025 community superstars!
These are the community rock stars!
Stay up to date on forum activity by subscribing.
wolenberg_ 119 Super User 2026 Season 1
WarrenBelz 107 Most Valuable Professional
Haque 103
