Share Power Apps without Security Groups
Security groups are great, and the way you should always go to control access to your apps/run only flows.
The article explains how to share Power Apps without using security groups when they are unavailable. The solution involves creating a SharePoint list to store users and adding columns for AppID, EnvironmentID, User, and Status. A flow is set up to trigger when an item is created or modified, and the PowerApps Admin connector is used to share the app via the Edit App Role Assignment connector. The Basic User Security Role is also given to the user, and the process can be reversed to remove user access.
The article discusses how to share Power Apps without the use of security groups, which might not always be accessible. This is achieved through the following steps:
Create a SharePoint List: This list is used to store users and includes columns for AppID, EnvironmentID, User, and Status. The AppID and EnvironmentID could be hardcoded into the flow, but using them in the list improves reusability.
Setting Up a Flow: A flow is created that triggers when an item in the SharePoint list is created or modified. A trigger condition is also set up to run the flow only when the Status column of an item is changed to either 'Request Access' or 'Request Removal'.
Use PowerApps Admin Connector: The 'Edit App Role Assignment' function is used in the PowerApps Admin connector to share the app with a user. This function is designed for bulk addition of users, but in this case, it is used to add a single user.
Assign Basic User Security Role: The user is given the Basic User Security Role. This might not be necessary for all apps, but the author suggests that it is safer to do so.
Removal of User Access: The process can be reversed to remove a user's access to the app. This is done by using the same 'Edit App Role Assignment' function, but this time, the user's ID is passed into the delete ID.
The author acknowledges that while security groups are a better solution, this workaround is handy when they are not available, especially for citizen developers who might not have full access to all resources.
Read the full article Share Power Apps without Security Groups
Extra Information: SharePoint vs. Dataverse for Power Apps Data Storage
In the context of storing users for Power Apps, SharePoint is recommended as a free and easy solution. However, it is worth noting that the alternative, Dataverse, provides a more advanced and scalable option for data storage. Dataverse offers more robust features such as out-of-the-box integration with other Power Platform tools, enhanced security and fine-grained access control, and more advanced data types and validation options. While SharePoint may be sufficient for basic use cases like storing user data, organizations with more complex data storage needs should consider exploring Dataverse as a more powerful solution.
Learn about Share Power Apps without Security Groups
As a Microsoft Expert, one should learn about how to securely share Power Apps without the use of security groups. This is possible by creating a SharePoint list with four columns: Name, Email, AppName, and Access. The Name and Email columns will store the users who will have access to the App, while the AppName and Access columns will indicate which app the user is allowed to access and what level of access the user has. To add users to the App, the developer can use the AddUser function to add the user to the AppName column with the appropriate Access. To remove a user from the App, the developer can use the RemoveUser function to remove the user from the AppName column. Additionally, the developer can use the Basic User Security Role to provide different levels of access to the user. By following these steps, developers can securely share Power Apps without the need for security groups.
More links on about Share Power Apps without Security Groups
- Share Power Apps without Security Groups
- Jun 14, 2023 — Security groups are great, and the way you should always go to control access to your apps/run only flows.
- A Fool-Proof Way To Share Power Apps With External Users
- Feb 13, 2022 — We can share Power Apps with external users belonging to an Azure AD security group and automatically grant app access & licenses.
- How groups & teams work in Power Apps & Dataverse
- Mar 21, 2022 — Using Azure AD / Microsoft 365 groups and Microsoft Teams to manage access to Power Platform environments, apps and data.
- PowerApps Sharing in Bulk with Office 365 Groups
- Feb 16, 2021 — In doing so, you can share the PowerApp with a single group through the standard UI as you would an individual user, select the security role, ...
- Make it possible to share Power Apps with different security ...
- Our idea is: When sharing an app with colleagues in Teams - you should be able to select a security group per app you are sharing.
Keywords
Microsoft Power Apps, Office 365 Users, SharePoint List, Citizen Developer, Security Groups