web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Can users be prevented...
Power Apps
Answered

Can users be prevented from editing Dataverse outside of a Power App?

(0) ShareShare
ReportReport
Posted on by arpost 455

Greetings, community. I have a scenario where I want to let users work on data in the Dataverse BUT I want to ensure that their only means of working on records is via a Power App + Power Automate flows. I want to be sure that people can't manually go in or create their own apps/flows to change data directly. Is there some way to achieve this with the Dataverse?

 

If this were a traditional DB, this might be achieved via a service principal/account, so users wouldn't have direct access and had to use an application interface.

Categories:
Microsoft Dataverse with Power Apps
I have the same question (0)
  • Verified answer
    Ami K Profile Picture
    Ami K 15,679 Super User 2024 Season 1 on at

    @arpost -

     

    If we're not talking about security in Dataverse for Teams (which is controlled by the Office 365 Group), Dataverse works under the principle of least privilege/deny by default. Only users who are granted either a Dynamics 365 Service Admin, Office 365 Power Platform Admin, System Admin and System Customizer role will have access to the underlying tables.

     

    Users would not be able to directly access underlying data unless the correct security role have been granted. Let's suppose for example that User A has been granted a security role which grants access to the Canvas App, as well as permission to read, edit, and create items in Dataverse table used by the Canvas App. However, User B (who has one of the Admin or Reader roles) copies the hyperlink to the Dataverse table and then shares that link with User A; this is what User A will see if they opened that link:

     

    Amik_0-1710356873055.png

     

    Further reading: https://learn.microsoft.com/en-us/power-platform/admin/database-security

  • arpost Profile Picture
    arpost 455 on at

    Thank you for your reply, @Amik. That's good to know. So would a similar thing happen if User A attempted to create a Power Automate flow that interacted with the Dataverse table or a Power App? Basically, I want to be sure there isn't a hidden backdoor that a person could use to access the data.

  • Ami K Profile Picture
    Ami K 15,679 Super User 2024 Season 1 on at

    @arpost - users are only permitted to create flows in the default environment. They will not have permission to create or update flows in your environment unless they have the required security role (e.g. a non admin role such as Environment Maker).

     

    Further reading:

     

    https://learn.microsoft.com/en-us/power-automate/desktop-flows/desktop-flows-security 

  • pmesiha Profile Picture
    pmesiha 56 on at

    there are actually a back door, MS introduced preview features last year to allow to connect to dataverse tables in a different environment form Power Apps/Power Automate, with this approach. if you have your data in one env where users have access to only modify the data on some tables based on the assigned security roles. users can still create an app in the "Default" environment, and connect to the table they have access to in a different environment. 
  • Suggested answer
    SaiRT14 Profile Picture
    SaiRT14 1,990 Super User 2025 Season 2 on at
    • Direct table access in Dataverse is restricted based on security roles.
    • Even if User B shares a hyperlink, User A will not gain access unless their role allows it.
    • To manage this effectively, assign custom security roles or adjust existing roles to ensure the correct level of access (or lack thereof) for both app interaction and direct table access.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 765 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 343 Super User 2025 Season 2

#3
Power Platform 1919 Profile Picture

Power Platform 1919 272

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans