Skip to main content

Notifications

Community site session details

Community site session details

Session Id :
Power Apps - Building Power Apps
Answered

Deploying to Prod Environment security roles and privileges

Like (0) ShareShare
ReportReport
Posted on 26 Jun 2024 14:23:05 by 149

Hi All,

 

Im starting to get abit ticked off with microsoft and its over complicated nature.

Im creating an application in a dev environment and im deploying it to a prod environment.. ive skipped the test environment because this is a very small app and its somewhat of a learning curve for me.

 

I want to start setting up security roles and privileges but im not sure if its something is should be doing in the dev environment? my understanding is that you deploy a solution to an production environment.. but security roles are set at the environment level? so if i set security roles in the dev environment in the admin center, when i deploy the app.. its only going to deploy the solution right? not copy the security roles across as well, or am i wrong?

 

so i don't understand any of it tbh, and thats not even asking about whats the difference with privileges' even how to share the app with people

 

does anybody have a link to a good video that explains all this stuff?

 

Thanks,

Dan

 

 

Categories:
  • Ami K Profile Picture
    15,665 Super User 2024 Season 1 on 26 Jun 2024 at 23:38:01
    Re: Deploying to Prod Environment security roles and privileges

    -

  • Ami K Profile Picture
    15,665 Super User 2024 Season 1 on 26 Jun 2024 at 23:36:36
    Re: Deploying to Prod Environment security roles and privileges

    @danny90 -

     

    Should i be creating teams in my dev too?

     

    There is nothing preventing from you doing from this, but this is not needed because as you're likely aware, Business Units and Teams must be set up and maintained in each environment independently. You cannot for example package Teams into a Solution like you would for a Custom Security Role or Column Security Profile. This is because in principle, environments should always act as a security layer to allow for different levels of access based on the security needs for each environment.

     

    Every time i deploy the app i have to reshare with users.. even though I have a team set up with users in the prod environment i have to right click the app and re add them.

     

    Not an issue I have come across before. @dpoggemann over at the Dataverse forum might have some insight on this behaviour.

  • danny90 Profile Picture
    149 on 26 Jun 2024 at 23:03:08
    Re: Deploying to Prod Environment security roles and privileges

    okay thankyou @Amik im sure ill wrap my head around this one day!

     

    i am aware of some of the content creators you mentioned on YouTube! they're great and have helped a lot to date.

     

    just out of interest.. should i be creating teams in my dev too? it seems every time i deploy the app i have to reshare with users.. even though I have a team set up with users in the prod environment i have to right click the app and re add them. interestingly the team is in the share options already but users (albeit just 1 atm) keep getting prompted to request access. is this a propagation sort of thing where if i left it long enough, eventually access would be allowed. 🤔

     

    Thanks for all your help though! its much appreciated!

  • Verified answer
    Ami K Profile Picture
    15,665 Super User 2024 Season 1 on 26 Jun 2024 at 21:36:03
    Re: Deploying to Prod Environment security roles and privileges

    @danny90 - 

     

    Would Custom Security Profiles also work?

     

    You must include the any Column Security Profiles in the Solution.

     

    I just feel that there must be a more intuitive way to pass security settings between environments.

     

    You are leveraging Solutions to pass security settings between Environments. If you make a change or create a new custom security role in your Developer environment, any changes made to that component in the Developer environment will be updated in the Production environment once the Solution has been imported.

     

    It seems daft to have to setup the security roles once deployed.

     

    Security roles should be set up and configured in your Developer environment, not retrospectively after the Solution has already been deployed into Production.

     

    Do you have any links to any guidance on including them as components?

     

    No but I am sure even a simple Google search will return guidance. Lisa Crosbie, Reza Dorrani and Shane Young all have useful videos on this topic on YouTube.

     

    Including a Security Role or a Custom Security Profile is as simple as opening your Solution and then selecting "Add Existing":

     

    Amik_1-1719437746037.png

  • danny90 Profile Picture
    149 on 26 Jun 2024 at 20:42:09
    Re: Deploying to Prod Environment security roles and privileges

    Thank @Amik 

     

    That's really helpful, especially the part about including the custom role as a component... would this also work for secured columns?

    do you have any links to any guidance on including them as components?

    I just feel that there must be a more intuitive way to pass security settings between environments.. if I deploy an app with basic functionality that grows over time.. it seems daft to have to setup the security roles once deployed.

     

    Thanks,

    Dan

  • Ami K Profile Picture
    15,665 Super User 2024 Season 1 on 26 Jun 2024 at 20:27:46
    Re: Deploying to Prod Environment security roles and privileges

    @danny90 -

     

    I want to start setting up security roles and privileges but im not sure if its something is should be doing in the dev environment?

     

    Assuming we are not talking about Dataverse for Teams (which applies security differently), each Environment in your tenant will share the same predefined security roles (e.g. Basic User, System Administrator, Environment Maker).

     

    Custom security roles on the other hand will set at the Environment Level. Assuming you know what a Custom Security Role is, best practice would be to include the Custom Security Role as a component inside your Unmanaged Solution in your Developer Environment prior to exporting that Solution as Managed in your Production environment. 

     

    When i deploy the app.. its only going to deploy the solution right? not copy the security roles across as well, or am i wrong?

     

    Correct, unless you also include any Custom Security Roles in your Solution as described above.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Understanding Microsoft Agents - Introductory Session

Confused about how agents work across the Microsoft ecosystem? Register today!

Warren Belz – Community Spotlight

We are honored to recognize Warren Belz as our May 2025 Community…

Congratulations to the April Top 10 Community Stars!

Thanks for all your good work in the Community!

Leaderboard > Power Apps - Building Power Apps

#1
MS.Ragavendar Profile Picture

MS.Ragavendar 32

#2
Rajkumar_M Profile Picture

Rajkumar_M 16 Super User 2025 Season 1

#2
mmbr1606 Profile Picture

mmbr1606 16 Super User 2025 Season 1

Overall leaderboard