Power Apps Roles and Permissions – Microsoft 365

Power Apps Roles and Permissions

In the context of Power Apps, permissions and roles are typically managed at different levels, each serving its own purpose. Here’s a breakdown:

Environment Level

An environment is a container for apps, flows, and data. It’s a boundary that separates one collection of apps, flows, and resources from another. At this level, roles include:

  • Environment Admin
  • Environment Maker
  • Environment User

App Level

These are specific to individual Power Apps you build.

  • Owner
  • Contributor
  • User

Data Source Level

This pertains to the underlying data source permissions. If you’re using SharePoint, for example, then SharePoint permissions would apply (Read, Write, Full Control, etc.).

Custom Roles

If you’re using the Common Data Service (now part of Microsoft Dataverse), you can also define custom roles.

Tenant Level

This is more of an overarching administrative role and less specific to Power Apps. Roles like Global Admin or Service Admin would fall under this category.

Power Platform Admin Center

Here you’ll find additional roles like the Power Platform admin role, which gives individuals access to the admin center where they can manage environments and settings across Power Apps and other Power Platform products.

Security Groups

You can use Azure AD security groups to manage a collection of users. You can then assign these groups permissions in Power Apps instead of assigning permissions to individual users.

Shared with Everyone

This isn’t a role per se, but it’s a permission setting you should be aware of. If you publish a Power App and mark it as ‘Shared with Everyone,’ anyone in your organization can access it.