In my ongoing (but so far failing) attempts to understand Power Apps permissions, I was advised to look at the recently added "Add to Teams" option in Power Apps: https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/embed-teams-app
I gave this a go but adding an app to a Team doesn't do anything regarding sharing the app with the Group members. This process only seems to provide a ring-fenced window to the app but since Power Apps can only be group shared via mail enabled security groups (SG), these won't be in synch. A SharePoint site hosting the app would seem to be a better option, as both the Power App and the site can at least have matching shares via a SG.
Am I not getting something?
Hi Paul
That's pretty much what I've discovered. I did find that, in the last scenario, as long as the app is shared, it shows up in the user's mobile experience.
I still don't get what "Add to Teams" is adding! Is it a performance thing, perhaps?
You are correct. Add to Teams just makes the app available to be used in a Teams site, but doesn't apply any other limits. Anyone who is a member of the Team can use the app. For anything other than the default environment you can limit the ability of users to create apps by removing their Maker permission in the environment through the App admin center. Non-makers can still run apps in that environment if they are shared with them, but cannot make new apps. Everyone is automatically a Maker in the default environment and that can't be changed. For non-default environments you can also associate a Security group with an environment. Only members of that security group will be able to use that environment, but that applies to both making and running apps.
One last point. If you remove a user's maker permission for an environment, then they won't be able to see that environment. In that case the only way to run an app shared with them is by clicking on the URL provided to them when the app was shared. As non-makers they can't see the environment to browse it for apps shared with them.
Hi Paul
Thanks again for helping out!
Sorry no, I wasn't referring to any data source permissions but just, in this case, the access to a Team (controlled by its Group membership) and the sharing of the PowerApp itself. The official documentation (linked in my original post) doesn't explain the purpose of the "Add to Teams" functionality.
I've been struggling to get control over allowing all users to access a custom environment, without allowing them any maker permissions. It's clear that this doesn't work as I expected and my latest conversations threw up a suggestion that using Teams might work for this purpose. However, my tests again indicate that Teams doesn't actually apply any access controls to the app.
It seems that "Add to Teams" merely makes the app available. Functionally, I can't see any difference to adding it via the "Power Apps" app, hence my query. Am I missing some particular benefit of this new functionality?
Thanks again
Can you expand a bit more on what you mean by Power Apps permissions? In general, permissions in Power Apps are based on the permissions the user has to the data source. Sharing an App with another user is what lets them run the app, but the permissions they have in the back end data source are what determine what they can do with the app.
If you provide a bit more detail on what you want to do in Power Apps and how it relates to permissions, we can try to help explain how the underlying permissions would work.