web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Understanding Custom E...
Power Apps
Unanswered

Understanding Custom Environments and Security roles

(0) ShareShare
ReportReport
Posted on by BillYoung-arm 133

I've been trying to understand how Power Apps environments and security roles work. I'd welcome any commentary/sanity check  upon this strategy:

 

We've initially create 3 new environments: dev, test and prod for "approved" apps.
All have a CDS and individual security group

 

My intention is to:

add all users to prod but only with a security role which allows the running of apps: CDS user

add users as required to dev and test environments but the former users have the "Environment Maker" role, to allow the creation of apps in dev and the latter only have the "CDS User" role

To do this, it appears that I have to add the users first to the relevant security groups, thus making them enabled, then allocate the security roles

 

Obviously there is more than just this but if someone could confirm that this is an appropriate method and correct procedure, this would be really helpful.

 

Presumably the same approach should be taken with corporate Flows?

 

Thanks Bill

Categories:
Governance & administering
I have the same question (0)
  • v-yutliu-msft Profile Picture
    v-yutliu-msft Microsoft Employee on at

    Hi @BillYoung-arm ,

    You not only could assign security role to a single user one by one, but also could assign security role to a security group.

    Then all the users in the security group will have this permission.

    What's more, if you want to assign security role to a security group, you need to create a security group.

    Now let me explain how to assign permission of environment:

    1)login in power platform:

    https://admin.powerplatform.microsoft.com/

    2)choose the environment that you want

    3)create a security role

    1233.PNG

     4)if you want to assign role to a single person, choose this:

    1234.PNG

     

    if you want to assign role to a whole group, choose this:

    1235.PNG

    5)If you choose "users", just select the user that you want, choose "manage role". 

    1236.PNG

     

     

    If you choose "teams", firstly you need to create a security group.

    1237.PNG

     choose all the users that you want to assign roles, make them in the same group.

    After you create security group successfully, assign role to this group.

    1238.PNG

     

     

    Best regards,

     

  • BillYoung-arm Profile Picture
    BillYoung-arm 133 on at

    Thanks Phoebe

    The problem appears to be that new users added to the already linked Security group aren't displaying in the "Users" list, despite being added 24 hours ago.

    I can see the user in the SG in the M365 Admin Center, has an E5 licence and that the SG is linked to the environment, so this doesn't seem to make sense. Perhaps there's something else that needs to be done?

    Any advice would be great

    Cheers Bill

     

  • BillYoung-arm Profile Picture
    BillYoung-arm 133 on at

    Hi all!

    Following a Christmas break, I'm still trying to pursue an understanding of custom environments

    As mentioned previously, I’m trying to create a custom Power Apps Production environment in which all of our staff can view and run apps from, yet they don’t have any maker rights to amend those apps. We additionally will have custom Test and Dev environments to support this.

    I now believe that I have to create the custom environment without a Security group. It seems SGs can't be nested. Adding "Everyone" didn't work but creating one without an SG, added all tenancy users as "Enabled users" to the environment.

    As they were subseqently all also members of the Team and "Business Unit" I thought that this would solve my problem. I then created a “min priv apps use” Role (as shown here: https://docs.microsoft.com/en-us/power-platform/admin/database-security) and assigned both this and the CDS user roles to the Team (I believe that only the first one should necessary).

     

    My Dynamics colleagues tell me that this is usual, as the Enabled Users inherit the roles from the Team they are a member of, even though this isn’t apparent on their individual records. However, when tested, I would then expect that all “Enabled Users” are able to see that custom environment listed in their Power Apps studio. This isn’t the case

     

    At the moment, I believe that I’ve tried every possible configuration. However, I’m not clear if:

    a/ I’m trying to create an inappropriate environment configuration or

    b/ I’m doing something wrong in the creation/set up

     

    With regard to a/:

    Can anyone confirm that this is a common approach and configuration?

    If so, could you outline the steps to achieve this?

    If you have other comments or suggestions, that would be great also

    Thanks again all

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the January Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Haque Profile Picture

Haque 88

#2
WarrenBelz Profile Picture

WarrenBelz 85 Most Valuable Professional

#3
Valantis Profile Picture

Valantis 45

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans