I have a security roles assigned to user. And there is a app which is shared to only Sys admin. But the app is still showing up in the app list of the user which don't have a sys admin role. Not sure why its happening, I checked if the user was in any team where it is inheriting its privileges. The user is not in Teams as well. Im wondering where I am missing out.
From our understanding that would not be an expected behavior. Because the roles the app is using is not same as the ones it is shared with, so in other words:
This:
is for the app scope.
It should not be same as
this for the specific shared user and their scope:
It is the second screenshot, the one with "someperson" which control about which person sees the app. Also under that, the permissions for that user for that app are also separate scope in that second one above.
To our understanding, the second one is most important. However, if in the first one, there are not enough permissions, it may mean the whole app does not work for anyone if the app needs the permissions that were omitted from the checkboxes for the first one. So simplest way is probably make sure the checkboxes are the same for the app and for each person if it is a "simple" scenario where everyone just needs same access to app.
If above is really not how it is working in your case please give specific example in the next reply and we might check it. You bring up a very interesting subject matter and it may be worth for us to check into it even more deeply to clarify on this one.
Hi @poweractivate ,
I tried with other security roles as well. I think the issue is if an app is not shared with Salesman security role. But its security role has write access to model driven app, the app that you don't even have any access to it will still show up.
Once I removed the write access all the model driven app that were not shared didn't show up after that. Is it is a expected behavior @poweractivate ?
@summitb
That one you reference is about what security role(s) the App itself will use, such as in the linked Dataverse Data Source, etc. and it is not about about who specifically inside these roles that the app will be shared with - those are two separate things. The app may use the, say the Salesperson role and have this checkbox checked in this part. However, if the app was not shared with a single person through the Share feature on that App, then not even a single Salesperson will see that app. That roles thing is for the app scope permissions, not about which users see the app, that one is separate.
To check who it is shared with is in separate list from the roles one. The roles one is the permissions of the app - not about who in the role will get the app shared with them - they are actually not the same thing.
By the way, System Administrator is not very good example to use to illustrate above, that is why we picked another role even as an example. Because System Administrator could do almost whatever they want, and they may be able to even all the apps including those not shared with them, if their view selector in make.powerapps.com -> Apps is set to "Org Apps" instead of "My Apps" for example, and potentially in some other ways as well. This could cause even further confusion then. So try instead with another role that is reduced like Salesperson, or perhaps even just create a custom role, for best results about checking the above.
Check about if the above helps. If not let us know if this one is still not clear to you, and we might check and see if we could provide you with some more details.
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.