web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Restrict environment u...
Power Apps
Unanswered

Restrict environment users from creation of Apps, Flow, and Tables

(0) ShareShare
ReportReport
Posted on by devApps 2

Hi everyone,

 

We have a solution consisting of canvas apps, flows and tables. I have assigned them security roles as 'Basic user' and 'System customizer' while sharing the app. After that, the users get access to that environment. They can play the canvas app and read and write access of dataverse table. User has no access to edit or delete app and dataverse table available in that environment. That is okay for us.

But because of  'basic user' and 'system customizer' security role, user get access to create new app, flow, table and other objects in that environment. How to restrict the user from creation or deletion, but not from reading and writing in an environment ?

Categories:
Governance & administering
I have the same question (0)
  • joe_hannes_col Profile Picture
    joe_hannes_col 1,843 Super User 2024 Season 1 on at

    Hello @devApps,

     

    You can be much more restrictive in terms of permissions for your users to customize resources in your environment while still allowing them to use your apps and flows.

    However, to do this, you will have to create custom security roles. In these security roles, you can define very granularly what tables a user with this role has access to, if they can create new data inside it etc. You can find out more about this here

    Your users can currently create new apps, flows, etc. because of the System Customizer role. This role should only be awarded to users who administrate the environment and need to import new solutions etc.

  • velegandla Profile Picture
    velegandla 204 Moderator on at

    @devApps 

     

    End Users using the application should never get a system customizer role in a production environment.

     

    This role should be given only in a development environment while people developing solutions.

     

    Always make a custom security role copied from the minimum permissions (App opener role or basic user), then grant access to custom database tables that need required permissions.

     

    I recommend watching the video explaining the dataverse security concepts.

    https://www.youtube.com/watch?v=8UWSj-vvxzU 

     

    ====================================================

    If I have answered your question, please mark your post as Solved.
    If you like my response, please give it a Thumbs Up.

    https://www.linkedin.com/in/devendravelegandla/ 

     

     

     

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 721 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 320 Super User 2025 Season 2

#3
Power Platform 1919 Profile Picture

Power Platform 1919 268

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans