Sharing model-driven apps allows users to collaboratively engage in the development, maintenance, and use of the applications. Microsoft Power Platform App Maker provides a user-friendly environment for sharing these apps with users and groups using various access levels.
The sharing process typically begins by signing into the Power Apps portal. After accessing the “Apps” section, select the model-driven app and click on the “Share” button. You can choose to share the app with specific users, groups, or teams.
When you share an app, the recipients will have varying capabilities in using the app based on their assigned security role. It’s worth noting that users require a minimum of the “Basic User” security role to use a model-driven app.
Security Roles
Security roles in the Power Apps platform define a user or group’s permissions and their level of access to different entities present within the app. These roles include Create, Read, Write, Delete, Append, Append To, Assign, and Share.
You can assign multiple roles to a single user or group. Microsoft provides a number of predefined security roles, but you can also define custom security roles tailored to your organization’s needs.
Sharing capabilities with users based on their security roles ensures that sensitive data is accessible only to those with proper authority, thereby upholding the principle of least privilege.
Example: Sharing an App with a User or Group
For example, let’s assume we have a model-driven app called “Sales Tracker,” and want to share it with a team called “Sales Team.”
- Log in to Power Apps and navigate to the “Apps” section.
- Select the “Sales Tracker” app, then click on the “Share” button.
- In the dialogue box that opens, enter “Sales Team” into the box and select the team from the drop-down list.
- In the “Roles” section, assign the desired security role. For example, “Salesperson”.
- Click “Share” to finalize the process.
With these steps, the Sales Tracker app would be shared with the Sales Team, with all team members receiving the security role “Salesperson.”
Creating and Assigning Custom Security Roles
As each organization has specific needs and structures, custom security roles can be created to meet those needs more precisely.
To create a custom security role:
- Sign into Power Apps and go to the environment section.
- Go to “Settings” -> “Security” -> “Security Roles”.
- Click “New” to create a new security role.
- Fill in the details of the role, including the name and the various permissions.
- Click “Save and Close”.
You can then assign this custom security role to users or groups while sharing your model-driven app, similar to the way predefined roles are assigned.
In conclusion
Sharing model-driven apps allows collaborative work on Microsoft’s Power Platform, while maintaining necessary restrictions. This caters to a diverse range of business models and practices, thereby significantly enhancing productivity and efficiency.
Practice Test
True or False: You can share model-driven apps with users who do not have a Power Apps license.
- True
- False
Answer: False
Explanation: All users who want to run a model-driven app must have the appropriate license.
Multiple select: Which of the following can you share a model-driven app with?
- a) Users
- b) Teams
- c) Security groups
- d) Distribution groups
Answer: a) Users, b) Teams, c) Security groups
Explanation: You can share a model-driven app with users, teams, or security groups in Power Apps.
True or False: When you give a user access to an app, you also automatically give them access to all the tables and data used in the app.
- True
- False
Answer: False
Explanation: Even though the user has access to the app, you need also to grant them access to the tables and data used in the app.
True or False: Admins can share an app with themselves.
- True
- False
Answer: True
Explanation: Admins can share an app with themselves as they have the highest level of privileges.
Single select: What is needed to share a model-driven app?
- a) App’s URL
- b) Security roles
- c) License
- d) All of the above
Answer: d) All of the above
Explanation: To share a model-driven app, the user needs the app’s URL, an assigned security role, and a suitable license.
True or False: A security role is a collection of settings that provide users with permissions to perform various tasks.
- True
- False
Answer: True
Explanation: Security roles in Power Apps help to manage user’s permissions to perform different functions.
Multiple select: Which permissions can you set for a user in a security role?
- a) Create
- b) Read
- c) Write
- d) Delete
Answer: a) Create, b) Read, c) Write, d) Delete
Explanation: The permissions you can set for a user in a security role include creating, reading, writing, and deleting records.
Single select: Which of the following is required to run a model-driven app?
- a) A Power BI license
- b) A Power Automate license
- c) A Power Apps license
- d) A Microsoft Teams license
Answer: c) A Power Apps license
Explanation: To run a model-driven app, the user must have the appropriate Power Apps license.
True or False: It’s not possible to share a model-driven app with a group of users at once.
- True
- False
Answer: False
Explanation: You can share a model-driven app with a group of users at once by using security groups.
True or False: It’s a good practice to give all users in your organization the same permissions to a model-driven app.
- True
- False
Answer: False
Explanation: It’s generally a good idea to only grant permissions as needed to ensure secure access to data and functionalities.
Single select: What can users do with a model-driven app if you only grant them read access?
- a) Modify the app’s data
- b) Create new records in the app
- c) View the app’s data but not modify it
- d) None of the above
Answer: c) View the app’s data but not modify it
Explanation: With read access, users can only view the data in the app, but they can’t create or modify records.
Multiple select: What must you do before sharing a model-driven app with a user?
- a) Make sure the app is published
- b) Assign the user a security role
- c) Copy the app’s URL
- d) All of the above
Answer: d) All of the above
Explanation: Before sharing a model-driven app with a user, you need to ensure that the app is published, and assign the user a security role and the app’s URL.
True or False: You can also remove user access to a model-driven app after you have shared it with them.
- True
- False
Answer: True
Explanation: Access to a model-driven app can be controlled at any time, which includes removing access if necessary.
Single select: Who can share a model-driven app with other users?
- a) Any member of the organization
- b) Only the app creators
- c) Admins or app owners
- d) External users
Answer: c) Admins or app owners
Explanation: Only admins or app owners have the privileges to share a model-driven app with other users.
True or False: Sharing a model-driven app with a user automatically gives them access to all its underlying resources.
- True
- False
Answer: False
Explanation: Despite having access to the app, users must also be granted permissions to access its underlying resources separately.
Interview Questions
What is the primary purpose of sharing model-driven apps in Microsoft Power Platform?
The primary purpose is to allow other users and groups to use the app for various tasks, thus promoting productivity and collaboration within an organization.
How do you share a model-driven app with other users in Power Platform?
You share a model-driven app by selecting the app from the Apps page, then clicking on ‘Share’ and selecting the users or groups to whom you want to grant access.
What permission is required to share model-driven apps in Power Platform?
The users need to have environment-level permissions to read and write on the App object.
What is the importance of security roles in sharing model-driven apps?
Security roles determine what level of data and functions a user can access in the shared app. Without the appropriate security roles, users might not be able to use the app as intended.
Can a user access model-driven app shared with them if they don’t have adequate permissions for the underlying data?
No, it’s not possible. Even if the app is shared with the user, he or she must have proper permissions for the underlying data and entities to use the app properly.
When sharing a model-driven app, does it automatically share the underlying entities with the users and groups?
No, you need to individually share underlying entities when sharing a model-driven app. App sharing does not automatically grant users access to these entities.
How can you modify the access level of shared model-driven apps?
You can modify the access levels by going to the Sharing Settings of the app and then adjusting the permissions for each user or group.
Can you remove a user or group from a shared model-driven app?
Yes, you can remove a user or group by going to the Sharing Settings of the app and then selecting the target user or group to unshare.
What effect does unsharing a model-driven app have?
Unsharing a model-driven app revokes the access of the specified user or group to the app. They will no longer be able to view or use the app.
Can a user who does not have sharing permissions but has app usage permissions use a shared model-driven app?
Yes, once a model-driven app has been shared with a user, they can use it if they have the necessary permissions to use it even if they do not have permissions to share it.
Is it possible to share a model-driven app with external users?
Yes, you can share a model-driven app with external users by inviting them to your Azure Active Directory tenant and providing them with access permissions.
What happens when you share a model-driven app with a group?
When you share a model-driven app with a group, all members of the group gain access to the app based on the permissions specified during the sharing process.
Can I share a model-driven app with the public?
No, due to security and privacy concerns, model-driven apps cannot directly be shared with the public.
Why can’t a user see a model-driven app that has been shared with them?
The user might not be able to see the app due to lack of necessary permissions to access the app, or the underlying data and entities. It’s also possible they are not part of the security roles that have access to the app.
What steps can be taken if a user cannot access a model-driven app that has been shared with them?
You should first check the user’s security roles and permissions to ensure they have adequate access. If that’s not the issue, consider re-sharing the app with the user or checking with your IT department for potential organizational restrictions.
extutorials.com