Power Apps - Microsoft Dataverse

Limit dataverse access across different environments

(3) Share

Report

Posted on by pmesiha

Consider the following scenario:

A custom Power Platform environment is hosting production data in Dataverse, the Dataverse is secured by custom security roles to allow only specific users to create/edit through a custom Canvas App. Users doesn't have access to create apps/flows within this environment.
Users have default "App Maker" access on default environment where users can create apps/flows.
with the recent dataverse connector features, now you can connect to a table from a different environment via an App/Flow (Check below).
How can i limit users from being able to access the data in the production environment and make edits, the custom Power App include lots of business rules that needs to be followed, and once the user have access to a record, they can manipulate its data via an app in a different environment.

Here is what i looked into so far, but no proper solution:

DLP policies
Specific permissions to disallow cross environment
Converting all Creation/Edits to be run via Power Automate (Running with elevated access) could work, but it is so much work to do.

Categories:

Microsoft Dataverse

Tables

All responses (7)

Answers (0)

CU06052020-0 2 on at

Like (0)

Report

Limit dataverse access across different environments

I sure wish you had gotten an answer. I was just discussing this same issue with my coworkers. Anyone with a license and their own Environment with the Dataverse connector enabled can make a Flow to change the data in our Environments. Seems like a huge security hole!
CU18101443-0 3 on at

Like (1)

Report

Limit dataverse access across different environments

Let me rephrase it, please read carefully and do not reply if you don't understand.

Imagine scenario with User 1.

1) User 1 is maker in Default Environment.

2) User 1 is application user in Production Environment. He has CRUD access to Custom Tables as per his need assigned via Security Role.

3) User 1 has NO rights to create Flows / Apps in Production Environment.

4) User 1 creates a flow in Default Environment that leverages Dataverse Connector to edit rows in Production Environment.

How can we restrict Apps / Flows accessing other environments than the one they were created in?
pmesiha 50 on at

Like (0)

Report

Limit dataverse access across different environments

@FLMike, for some reason some browser weren't showing the details of the question. i adjusted the formatting and now it appears in Chrome/Edge.

What I am trying to solve is disallowing users to build their own apps that connect to data (they have access to) on a different environment, All Dataverse connectors now allows connecting to a table on a different environment, in in my case, users need access to such data , but it needs to be viewed/edited via a Power App which have extra business rules that needs to be maintained.

Please review the scenario above and let me know.

We already using groups to limit access to the env., but this don't solve the problem as users need access to such data. but still have "App Maker" on default environment,
Michael E. Gernaey 43,378 Super User 2025 Season 1 on at

Like (1)

Report

Limit dataverse access across different environments

Weird that 2 more people post, just to ask the same thing I asked :-)

If you want to limit access to Dataverse, then you need to add a Security Group to the Environment and it will limit access to those added there.

But by default, people have no roles in Dataverse, even if they have a license, so they are restricted from doing anything at all.

But I was able to snag a screenshot before it poofed.

The issue is, a person doesnt just "have access", you must grant it, so I am not sure why you built an App that purposely connectors to another environments Dataverse (using what connector??? since the OOB ones wont do that. are you using the HTTPS connector?)

Anyway I do not really follow what you are asking and why because all you have to do is NOT grand them permission.
As for access to data, never give users access to a single App that connectors to multiple envioronments.

So right now I don't know how or why you have an issue, unless yuou are blanketly giving access to everyone to every environment. That's fine if you are, but you still have to give them access to the data or yes, use a Flow to have another account do the work, as long as the user has a DV license, then thats it.
Shashank Bhide 940 Super User 2025 Season 1 on at

Like (0)

Report

Limit dataverse access across different environments

your question need more details plz
Suggested answer

ankit_singhal 555 Super User 2025 Season 1 on at

Like (0)

Report

Limit dataverse access across different environments

Please explain your issue. Also, each environment have different dataverse database. if you have any permission issue in dataverse the check security roles

Note: Please mark verified, if it is helpful for you
Suggested answer

Michael E. Gernaey 43,378 Super User 2025 Season 1 on at

Like (1)

Report

Limit dataverse access across different environments

Hi

I am not sure what you are asking? Dataverse is part of a single environment, not many.

So what are you asking?