Simplifying security distribution to lots of user in a canvas app

(1) Share

Report

Posted on by Salim_A_M

Hello,

I've been wrestling with how to give my users the necessary data permissions in a canvas app I'm building.

The error message I'm getting is the usual one: 'Error when trying to retrieve data from the network'

I'm using dataverse entities as the main data storage for the app, not sharepoint.

Based on my research, I've understood that canvas apps respect whatever permissions are applied to a given data source that's in use.

In this case, this would be security roles given the to the user and teams to which the user belongs, far as I'm aware. (I'm still learning these, so I may say something flawed)

The crux of the problem is that I don't what to end up having to assign security roles for every single user that uses the app as I feel it'd be a bit over the top.

First thing that came to mind then would be impersonation, which I'm personally most used to using in plugins.

Thus, I started looking into using it in a canvas app, and well, I'm not sure it's possible by now.

So mainly these are the two points I wanted to ask about most:

Am I missing something and is impersonation actually feasible in a canvas app?
If not, what other choices do I potentially have to provide the correct permissions to my user en-masse, or in some similar way?

Categories:

Connecting to Data

All responses (2)

Answers (1)

Salim_A_M 98 on at

Like (1)

Report

Simplifying security distribution to lots of user in a canvas app

Hello AmínAA,

Thank you for the overview.

This does mostly solve the problem for now.
Verified answer

AmínAA 1,084 Super User 2025 Season 1 on at

Like (0)

Report

Simplifying security distribution to lots of user in a canvas app

Greetings Salim_A_M!

My suggestion would be for you to first, create a specialized role within the solution, assigning it the basic user permissions and enabling the any of the (REUD) permissions of the tables. This should guarantee that the users to which you assign the role, have just the permissions regarding the App. And instead of assigning said role manually to each and every user, you could create a Microsoft Group in the Microsoft Admin Panel, and assign the users within the group, then you can share the App exclusively with said group and assign your custom role just to the group instead to assign it to each user individually. This way you can better control who holds each permission.

Hopefully this solves your problem, if that's the case, feel free to mark this reply as an answer, otherwise feel free to reply as well to get further help!