You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: powerapps-docs/maker/model-driven-apps/share-model-driven-app.md
+40-99Lines changed: 40 additions & 99 deletions
Original file line number
Diff line number
Diff line change
@@ -24,130 +24,70 @@ search.app:
24
24
[!INCLUDE [powerapps](../../includes/powerapps.md)] apps use role-based security for sharing. The fundamental concept in role-based security is that a security role contains privileges that define a set of actions that can be performed within the app. All app users must be assigned to one or more predefined or custom roles. Or, roles can also be assigned to teams. When a user or team is assigned to one of these roles, the person or team members are granted the set of privileges associated with that role.
25
25
26
26
## Prerequisites
27
-
To share an app you must have the [!INCLUDE [powerapps](../../includes/powerapps.md)] Environment Admin or System Admin role.
28
-
29
-
## Share your app for basic use
30
-
To add privileges so the app user can run an app within the environment and perform common tasks for the records that they own, use the **Common Data Services User** security role.
31
-
1. On the [Power Apps](https://web.powerapps.com/?utm_source=padocs&utm_medium=linkinadoc&utm_campaign=referralsfromdoc) site select **Apps**, next to the model-driven app you want to share select **…**, and then select **Share**.
32
-
> [!IMPORTANT]
33
-
> The steps to share a model-driven app are different from a canvas app. For steps to share a canvas app, see [Share a canvas app in Power Apps](../canvas-apps/share-app.md).
34
-
35
-
2. Under **Assign users to the security role** select **Security Users**.
36
-
3. From the list of enabled users select the users that you want to grant access to your app, and then on the command bar select **Manage Roles**.
37
-
4. In the **Manage User Roles** dialog box, select the **Common Data Service User**security role, and then select **OK**.
38
-
39
-
> [!div class="mx-imgBorder"]
40
-
> 
41
-
42
-
5.[Add security roles to the app](#add-security-roles-to-the-app)
43
-
6.[Share the link to your app](#share-the-link-to-your-app)
44
-
45
-
Users with the Common Data Service User security role can now access your app.
46
-
47
-
## Share a model-driven app for specific use
48
-
In this section you perform the tasks for sharing a model-driven app using two security roles, each specific to the app users needs. You learn how to:
49
-
- Create a custom security role
50
-
- Assign users to the custom security role
51
-
- Assign the security role to an app
27
+
Ensure you have a [security role](https://docs.microsoft.com/power-platform/admin/security-roles-privileges) with equal or greater permissions than the role you're assigning to the app and to other users.
28
+
29
+
You may **not** assign higher permissions roles than your current role. For example, users with the **System Customizer** role can assign other users the **Common Data Services User** role, but not vice versa.
30
+
31
+
## Create a security role for your app
32
+
Generally model-driven apps contain custom entities and other custom configuration. It's important to first [create a security role](#create-a-security-role-for-your-app) with permission for all the components used in your app.
33
+
> [!NOTE]
34
+
> This step can be skipped if existing roles grant access to the data in your app.
35
+
36
+
## Share a model-driven app
37
+
Sharing a model-driven app involves two primary steps. First, associate a one or more security role(s) with the app then assign the security role(s) to users.
38
+
1. Visit https://make.powerapps.com
39
+
2. Select a model-driven app and click **Share**.
40
+
3. Select the app then choose a security role from the list.
41
+
4. Search for a user
42
+
5.Select the user then select a role from the list.
43
+
6.Click **Share**.
44
+
45
+
### Share the link to your app
46
+
Unlike sharing canvas apps, sharing model-driven apps does not currently send an email with a link to the app.
47
+
48
+
To get the direct link to an app:
49
+
1. Edit the app and click the **Properties** tab
50
+
2. Copy the **Unified Interface URL.**
51
+
3. Paste the app URL in a ___location so that your users can access it, such as by posting it on a SharePoint site or send via email.
52
52
53
-
### Tutorial overview
54
-
The section will follow the company, Contoso, which has a pet grooming business that services dogs and cats. An app that contains a custom entity for tracking the pet grooming business has already been created and published. Now the app must be shared so that the pet grooming staff can use it. To share the app, an administrator or app maker assigns one or more security roles to users and to the app.
55
53
56
-
###Create or configure a security role
57
-
The [!INCLUDE [powerapps](../../includes/powerapps.md)] environment includes [predefined security roles](#about-predefined-security-roles) that reflect common user tasks with access levels defined to match the security best-practice goal of providing access to the minimum amount of business data required to use the app. Remember that the Contoso pet grooming app is based on a custom entity. Because the entity is custom, privileges must be explicitly specified before users may work in it. To do this, you can choose to do one of the following.
54
+
## Create or configure a security role
55
+
The [!INCLUDE [powerapps](../../includes/powerapps.md)] environment includes [predefined security roles](#about-predefined-security-roles) that reflect common user tasks with access levels defined to match the security best-practice goal of providing access to the minimum amount of business data required to use the app. For example, if your app is based on a custom entity, the entity privileges must be explicitly specified before users may work in it. To do this, you can choose to do one of the following.
58
56
- Expand an existing predefined security role, so that it includes privileges on records based on the custom entity.
59
57
- Create a custom security role for the purpose of managing privileges for users of the app.
60
58
61
-
Because the environment that will maintain the pet grooming records is also used for other apps that the Contoso business runs, a custom security role specific to the pet grooming app will be created. Additionally, two different sets of access privileges are required.
62
-
- Pet grooming technicians only need to read, update, and attach other records so their security role will have read, write, and append privileges.
63
-
- Pet grooming schedulers need all the privileges that pet grooming technicians have, plus the ability to create, append to, delete, and share, so their security role will have create, read, write, append, delete, assign, append to, and share privileges.
64
-
65
59
For more information about access and scope privileges, see [Security roles](https://docs.microsoft.com/dynamics365/customer-engagement/admin/security-roles-privileges#security-roles).
66
60
67
61
### Create a custom security role
68
62
1. On the [!INCLUDE [powerapps](../../includes/powerapps.md)] site select **Apps**, next to the app you want to share select **…**, and then select **Share**.
69
63
70
-
2. From the **Share this app** dialog, under **Create a security role** select **Security Setting**.
71
-
72
-
3. On the **All Roles** page, select **New**.
73
-
74
-
4. From the security role designer, you select the actions, such as read, write, or delete, and the scope for performing that action. Scope determines how deep or high within the environments hierarchy the user can perform a particular action. In the **Role Name** box enter *Pet Grooming Technicians*.
75
-
76
-
5. Select the **Custom Entities** tab, and then locate the custom entity that you want. For this example, the custom entity named **Pet** is used.
77
-
78
-
6. On the **Pet** row, select each of the following privileges four times until organization scope global  has been selected: **Read, Write, Append**
2. Select the app then expand the list of security roles.
82
65
83
-
7. Because the pet grooming app also has a relationship with the account entity, select the **Core Records** tab, and on the **Account** row select **Read** four times until organization scope global  has been selected.
66
+
3. Click **Manage security roles.**
84
67
85
-
8. Select the **Customization**tab, and then in the privileges list select the **Read**privilege next to **Model-driven App**so that organization scope  is selected.
68
+
4. On the **All Roles**page, select **Common data service user** then click **Actions**then **Copy Role.**
86
69
87
-
9. Select **Save and Close**.
70
+
> [!TIP]
71
+
> You may also create a new blank role instead of copying an existing role.
88
72
89
-
10. On the security role designer, in the **Role Name** box enter *Pet Grooming Schedulers*.
73
+
6. In the **Role Name** box provide a descriptive role such as *My custom app access*. Click **Ok.**
90
74
91
-
11. Select the **Custom Entities** tab, and then locate the **Pet** entity.
75
+
7. From the security role designer, you select the actions, such as read, write, or delete, and the [access levels](https://docs.microsoft.com/power-platform/admin/security-roles-privileges#security-roles). Access levels determine how deep or high within the environments hierarchy the user can perform a particular action.
92
76
93
-
12. On the **Pet** row, select each of the following privileges four times until organization scope global  has been selected:
94
-
**Create, Read, Write, Delete, Append, Append To, Assign, Share**
77
+
8. Select the **Custom Entities** tab, and then locate the custom entity used in your app.
95
78
96
-
13. Because the pet grooming app also has a relationship with the account entity and schedulers must be able to create and modify account records, select the **Core Records** tab, and on the **Account** row select each of the following privileges four times until organization scope global  has been selected.
97
-
**Create, Read, Write, Delete, Append, Append To, Assign, Share**
79
+
9. On the row for your custom entity, set access levels for each permission.
98
80
99
-
14. Select **Save and Close**.
81
+
10. Repeat for other entities used in your app.
100
82
101
-
### Assign security roles to users
102
-
Security roles control a user’s access to data through a set of access levels and permissions. The combination of access levels and permissions that are included in a specific security role sets limits on the user’s view of data and on the user’s interactions with that data.
103
-
104
-
#### Assign a security role to Pet Grooming Technicians
105
-
1. From the **Share this app** dialog, under **Assign users to the security role** select **Security Users**.
106
-
2. In the list that is displayed, select the users who are pet groomers, and then on the command bar select **Manage Roles**.
3. In the **Manage User Roles** dialog box, select the **Pet Grooming Technicians** security role that you created earlier, and then select **OK**.
112
-
113
-
#### Assign a security role to Pet Grooming Schedulers
114
-
1. From the **Share this app** dialog, under **Assign users to a security role** select **Security Users**.
115
-
2. In the list that is displayed, select the pet grooming schedulers.
116
-
3. Select **Manage Roles**.
117
-
4. In the **Manage User Roles** dialog box, select the **Pet Grooming Schedulers** security role that you created earlier, and then select **OK**.
118
-
119
-
120
-
## Add security roles to the app
121
-
One or more security roles need to be assigned to the app. Users will have access to apps based on the security roles they're assigned to.
122
-
1. From the **Share this app** dialog box, under **Add the security role to your app** select **My Apps**.
123
-
2. In the lower-right corner of the app tile of the app, select **More options (...)**, and then select **Manage Roles**.
124
-
125
-
126
-
127
-
4. In the **Roles** section, you can choose whether to give app access to all security roles or selected roles. For basic app access, select the **Common Data Service User** security role. For more specific access, select another standard, or a custom or customized security role. For example, select the **Pet Grooming Schedulers** and **Pet Grooming Technicians** roles you created earlier in this section.
128
-
129
-
> [!div class="mx-imgBorder"]
130
-
> 
131
-
132
-
5. Select **Save**.
133
-
83
+
11. Select the **Customization** tab, and ensure **Read** privilege is set for **Model-driven App** so that organization access level  is selected.
134
84
135
85
> [!IMPORTANT]
136
86
> Users granted **Create** or **Write** to the **Model-driven App** privilege have access to all apps in the environment, even when they're not part of any role that has access to the app.
137
87
> 
138
88
139
-
## Share the link to your app
140
-
1. From the **Share this app** dialog box, under **Share the link to your app directly with users** copy the URL that is displayed.
141
-
> [!div class="mx-imgBorder"]
142
-
> 
143
-
144
-
2. Select **Close**.
145
-
3. Paste the app URL in a ___location so that your users can access it, such as by posting it on a SharePoint site or send via email.
146
-
147
-
You can also find the app URL on the **Properties** tab in app designer.
0 commit comments