web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Deploying to Prod Envi...
Power Apps
Unanswered

Deploying to Prod Environment security roles and privileges

(0) ShareShare
ReportReport
Posted on by danny90 149

Hi All,

 

Im starting to get abit ticked off with microsoft and its over complicated nature.

Im creating an application in a dev environment and im deploying it to a prod environment.. ive skipped the test environment because this is a very small app and its somewhat of a learning curve for me.

 

I want to start setting up security roles and privileges but im not sure if its something is should be doing in the dev environment? my understanding is that you deploy a solution to an production environment.. but security roles are set at the environment level? so if i set security roles in the dev environment in the admin center, when i deploy the app.. its only going to deploy the solution right? not copy the security roles across as well, or am i wrong?

 

so i don't understand any of it tbh, and thats not even asking about whats the difference with privileges' even how to share the app with people

 

does anybody have a link to a good video that explains all this stuff?

 

Thanks,

Dan

 

 

Categories:
Building Power Apps
I have the same question (0)
  • Ami K Profile Picture
    Ami K 15,679 Super User 2024 Season 1 on at

    @danny90 -

     

    I want to start setting up security roles and privileges but im not sure if its something is should be doing in the dev environment?

     

    Assuming we are not talking about Dataverse for Teams (which applies security differently), each Environment in your tenant will share the same predefined security roles (e.g. Basic User, System Administrator, Environment Maker).

     

    Custom security roles on the other hand will set at the Environment Level. Assuming you know what a Custom Security Role is, best practice would be to include the Custom Security Role as a component inside your Unmanaged Solution in your Developer Environment prior to exporting that Solution as Managed in your Production environment. 

     

    When i deploy the app.. its only going to deploy the solution right? not copy the security roles across as well, or am i wrong?

     

    Correct, unless you also include any Custom Security Roles in your Solution as described above.

  • danny90 Profile Picture
    danny90 149 on at

    Thank @Amik 

     

    That's really helpful, especially the part about including the custom role as a component... would this also work for secured columns?

    do you have any links to any guidance on including them as components?

    I just feel that there must be a more intuitive way to pass security settings between environments.. if I deploy an app with basic functionality that grows over time.. it seems daft to have to setup the security roles once deployed.

     

    Thanks,

    Dan

  • Verified answer
    Ami K Profile Picture
    Ami K 15,679 Super User 2024 Season 1 on at

    @danny90 - 

     

    Would Custom Security Profiles also work?

     

    You must include the any Column Security Profiles in the Solution.

     

    I just feel that there must be a more intuitive way to pass security settings between environments.

     

    You are leveraging Solutions to pass security settings between Environments. If you make a change or create a new custom security role in your Developer environment, any changes made to that component in the Developer environment will be updated in the Production environment once the Solution has been imported.

     

    It seems daft to have to setup the security roles once deployed.

     

    Security roles should be set up and configured in your Developer environment, not retrospectively after the Solution has already been deployed into Production.

     

    Do you have any links to any guidance on including them as components?

     

    No but I am sure even a simple Google search will return guidance. Lisa Crosbie, Reza Dorrani and Shane Young all have useful videos on this topic on YouTube.

     

    Including a Security Role or a Custom Security Profile is as simple as opening your Solution and then selecting "Add Existing":

     

    Amik_1-1719437746037.png

  • danny90 Profile Picture
    danny90 149 on at

    okay thankyou @Amik im sure ill wrap my head around this one day!

     

    i am aware of some of the content creators you mentioned on YouTube! they're great and have helped a lot to date.

     

    just out of interest.. should i be creating teams in my dev too? it seems every time i deploy the app i have to reshare with users.. even though I have a team set up with users in the prod environment i have to right click the app and re add them. interestingly the team is in the share options already but users (albeit just 1 atm) keep getting prompted to request access. is this a propagation sort of thing where if i left it long enough, eventually access would be allowed. 🤔

     

    Thanks for all your help though! its much appreciated!

  • Ami K Profile Picture
    Ami K 15,679 Super User 2024 Season 1 on at

    @danny90 -

     

    Should i be creating teams in my dev too?

     

    There is nothing preventing from you doing from this, but this is not needed because as you're likely aware, Business Units and Teams must be set up and maintained in each environment independently. You cannot for example package Teams into a Solution like you would for a Custom Security Role or Column Security Profile. This is because in principle, environments should always act as a security layer to allow for different levels of access based on the security needs for each environment.

     

    Every time i deploy the app i have to reshare with users.. even though I have a team set up with users in the prod environment i have to right click the app and re add them.

     

    Not an issue I have come across before. @dpoggemann over at the Dataverse forum might have some insight on this behaviour.

  • Ami K Profile Picture
    Ami K 15,679 Super User 2024 Season 1 on at

    -

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 717 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 329 Super User 2025 Season 2

#3
Power Platform 1919 Profile Picture

Power Platform 1919 268

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans