Power Apps Roles and Permissions
In the context of Power Apps, permissions and roles are typically managed at different levels, each serving its own purpose. Here’s a breakdown:
Environment Level
An environment is a container for apps, flows, and data. It’s a boundary that separates one collection of apps, flows, and resources from another. At this level, roles include:
- Environment Admin
- Environment Maker
- Environment User
App Level
These are specific to individual Power Apps you build.
- Owner
- Contributor
- User
Data Source Level
This pertains to the underlying data source permissions. If you’re using SharePoint, for example, then SharePoint permissions would apply (Read, Write, Full Control, etc.).
Custom Roles
If you’re using the Common Data Service (now part of Microsoft Dataverse), you can also define custom roles.
Tenant Level
This is more of an overarching administrative role and less specific to Power Apps. Roles like Global Admin or Service Admin would fall under this category.
Power Platform Admin Center
Here you’ll find additional roles like the Power Platform admin role, which gives individuals access to the admin center where they can manage environments and settings across Power Apps and other Power Platform products.
Security Groups
You can use Azure AD security groups to manage a collection of users. You can then assign these groups permissions in Power Apps instead of assigning permissions to individual users.
Shared with Everyone
This isn’t a role per se, but it’s a permission setting you should be aware of. If you publish a Power App and mark it as ‘Shared with Everyone,’ anyone in your organization can access it.