web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / What does "Security Gr...
Power Apps
Unanswered

What does "Security Group" when creating a new environment means?

(0) ShareShare
ReportReport
Posted on by johnjohn123 3,514

we want to create a new power platform environment, and we are asked to define a Security group, as follow:-

 

johnjohn123_0-1697465870273.png

 

so what is the purpose for this security group? so only members inside this group will be able to create new solutions ? and edit existing solutions? or this also include the users who will be using the solutions' power apps and power automate? in other words if i define only the admin-group to have access to the environment through the above security group, then does this mean that other non-admin users will not be able to access and use the power apps inside this environment even if the power apps was shared with them?  

 

Categories:
Governance & administering
I have the same question (0)
  • AlbertoCastro Profile Picture
    AlbertoCastro 1,201 Most Valuable Professional on at

    Hi,

    the use of a Security Group in a Environment is a way to control the acceso of the environment, because only will have access the subset of users included in this group.

    The users that will have access to the environemt to develope solutions (with Environment maker or System customizer roles) need to be included in these group. Also the users that have been shared a power apps in the environemtn, will need to be in this group.

    -------------------------------------------------------------------------
    If I have answered your question, please mark your post as Solved.
    If you like my response, please give it a Thumbs Up.

    Regards
    Alberto

  • johnjohn123 Profile Picture
    johnjohn123 3,514 on at

    @AlbertoCastro thanks for the useful reply, so if we have some power apps inside this environment that need to be shared with all users, then we will need to add all users to the environment's security group? if the answer is yes, then will all users have the ability to create apps and edit existing apps inside the environment ?

  • AlbertoCastro Profile Picture
    AlbertoCastro 1,201 Most Valuable Professional on at

    first question: Yes, the users shared need be included in the security group: directly or in a subgroup.
    Second question: No, the users to consume a power app don't need privileges to create/edit apps.

     

    A tip: if you need to share a power app with several users. Create a Azure AD Security Group to include the users and set this group like child of the Security Group of environment.

    -------------------------------------------------------------------------
    If I have answered your question, please mark your post as Solved.
    If you like my response, please give it a Thumbs Up.

    Regards
    Alberto

  • johnjohn123 Profile Picture
    johnjohn123 3,514 on at

    @AlbertoCastro so this mean that when we add a security group then members will have a minimum permission on the enviroment.. so they can not use a power app unless shared with them, and they can not edit/create a power apps unless they have maker permission ?? am i correct?

  • AlbertoCastro Profile Picture
    AlbertoCastro 1,201 Most Valuable Professional on at

    yes, it's correct

    -------------------------------------------------------------------------
    If I have answered your question, please mark your post as Solved.
    If you like my response, please give it a Thumbs Up.

    Regards
    Alberto

  • ganeshsanap Profile Picture
    ganeshsanap 1,555 on at

    @johnjohn123 

     

    When you associate the Power Platform environment with a security group, only the members of security group will be added as "Users" for the environment. You can see the "Users" from environment details page:

    1. From the Microsoft Power Platform admin center, select the environment to which you want to add users.

    2. Select Settings > Users + permissions > Users.

    SourceAdd users to an environment 

     

    You'll see the list of users that have already been added to the environment.

     

    Also, note:

    • If a security group is associated with an environment, only users with Dataverse licenses or per app plan that are members of the environment security group will be created as users in the environment.
    • If you don't specify a security group, all users who have a Dataverse license (customer engagement apps such as Dynamics 365 Sales and Customer Service) or per app plan will be added to the new environment.
    • All licensed users, whether or not they are members of the security groups, must be assigned security roles to access data in the environments. You assign the security roles in the web application. If users don’t have a security role, they'll get a data access denied error when trying to run an app. Users can't access environments until they are assigned at least one security role for that environment.

    Sources:

    1. Control user access to environments: security groups and licenses 
    2. Create and manage environments in the Power Platform admin center 

    In your case, if only the admin-group is associated with the environment then only the members of admin-group will be added to the environment. Then you can share the Power Apps applications and Power Automate flows with the users of admin-group.

    If you want to add other group members to the environment, you should be able to do it manually by following: Add users to an environment

     

    If you want all users in your company to be added inside the environment, don't assign the security group with the environment. Select "None" option against the security group while creating the environment. Also, not everyone will have ability to create new apps unless the necessary role (Environment Maker or higher) is assigned to them and edit existing apps unless they are shared with user as co-owner of the individual app.

    Please click Accept as solution & ‌‌👍 if my answer helped you to solve your issue. This will help others to find the correct solution easily. If the answer was useful in other ways, please consider giving it ‌‌👍

     

    For SharePoint/Power Platform blogs, visit: Ganesh Sanap Blogs

  • johnjohn123 Profile Picture
    johnjohn123 3,514 on at

    @ganeshsanap can you advice more on this point please:-

     

     only users with Dataverse licenses or per app plan that are members of the environment security group will be created as users in the environment.

     

    now our users does not have premium licenses for data verse,, so they can not access the new environments? or i did not get your point correctly?

  • ganeshsanap Profile Picture
    ganeshsanap 1,555 on at

    @johnjohn123 

     

    Check this documentation in detail once: Control user access to environments: security groups and licenses . There are other points to consider as well for environment security.

    Please click Accept as solution & ‌‌👍 if my answer helped you to solve your issue. This will help others to find the correct solution easily. If the answer was useful in other ways, please consider giving it ‌‌👍

     

    For SharePoint/Power Platform blogs, visit: Ganesh Sanap Blogs

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
11manish Profile Picture

11manish 530

#2
WarrenBelz Profile Picture

WarrenBelz 459 Most Valuable Professional

#3
Haque Profile Picture

Haque 314

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans