You’re offline. This is a read only version of the page.
195
I was researching what users in the Default environment can do with Solutions to make sure they could package their existing flows/apps in a Solution to move them to a protected environment.
In doing so, I found a Security vulnerability which I'm hoping there is a way to lock it down.
I had a "normal" user go to the Default environment, click on one of my Solutions and they were unable to see any flows, apps, etc. in the Solution, so that was good.
But I noticed the "Add" navigation options were available inside my solution so had them test adding a flow to the Solution and they were able to without any errors.
I also noticed that the "Delete" button was also available when they selected my solution from the Solution view.
As this was a Test Solution, I had them try to delete it and sure enough it was deleted.
In our other protected environments we've created a Security Role that is similar to Environment maker, but has less permissions.
That works in preventing them from adding to a solution, or deleting a solution.
So the question is..
How do we protect Solutions in the Default environment so users can still create them, but can't add to, or delete solutions created by others?
@jukka-niiranen - In researching security for the Power Platform, I did find my old Post that you and @ChrisPiasecki responded to.
Any ideas on how I can give them the needed permissions to create and export solutions while also preventing them from adding to, or deleting, solutions they don't own?
Share
Report
All responses (
Answers (
