Sharing Apps, Flows and Connections can often be challenging, especially for those new to the Power Platform, so I thought I would take a look at some of the common challenges and resolutions when it comes to sharing these components.
We will first look at sharing Power Apps, both Canvas Apps and Model-Driven Apps.
All the examples assume that, as an App Maker, you are following best practices and using Solutions and, where applicable, Connection References.
Before we get started, let me introduce you to a couple of team members: our Power Platform Administrator, Hoban, and our User, Kaylee.
With the help of Hoban and Kaylee we will look at the following scenarios:
- Canvas App – User not a member of the Security Group assigned to the Environment
- Canvas App – User is a member of the Security Group assigned to the Environment
- Model-Driven App – User not a member of the Security Group assigned to the Environment
- Model-Driven App – User is a member of the Security Group assigned to the Environment
Canvas App – User not a member of the Security Group assigned to the Environment
This scenario involves a Solution with a Canvas App.
The Canvas App does not use any Connectors or call any Flows.
Hoban, the Power Platform Administrator, needs to share the Web link for the Canvas App with the User, Kaylee.
In Power Apps Studio, Hoban clicks Apps and then clicks the three dots next to the Canvas App he wants to share.
He then clicks Details and clicks the Copy icon next to the Web link.
He shares the link with Kaylee.
When Kaylee tries to access the Canvas App, she receives the following error message:
This app isn’t opening correctly
You can’t open apps in this environment. You are not a member of the environment’s security group.
This is actually a helpful error message! 🙂
The Environment has a Security Group assigned to it, and Kaylee is currently not a member of that Security Group.
Hoban can resolve this problem using either the Azure portal or the Microsoft 365 admin center.
Hoban is most familiar with the Microsoft 365 admin center, so he chooses that.
He navigates to the Microsoft 365 admin center, expands Teams & groups and clicks Active teams & groups.
He enters the name of the Security Group at the Search all teams and groups prompt.
He then selects the Security Group.
On the Membership tab he clicks Members and then Add members.
He searches for the User he wants to add, selects them from the list, and clicks Add.
Hoban asks Kaylee to try again.
Kaylee tries again. Hoban's change fixed the error, but now Kaylee is being prompted to Request access to the Canvas App.
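The same membership fix can be scripted. This is an added example, not part of the original post; it assumes the Microsoft Graph PowerShell SDK is installed, and the group name and user principal name are placeholders to replace with your own values.

```powershell
#Requires -Modules Microsoft.Graph.Groups, Microsoft.Graph.Users
# Added example: check whether a user is a direct member of the Environment's
# Security Group and add them only if they are missing.

function Add-UserToEnvironmentGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $GroupDisplayName,
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )

    # Display names are not unique; refuse to guess if more than one group matches.
    $escaped = $GroupDisplayName.Replace("'", "''")
    $groups  = @(Get-MgGroup -Filter "displayName eq '$escaped'" -All)
    if ($groups.Count -ne 1) {
        throw "Expected exactly one group named '$GroupDisplayName', found $($groups.Count)."
    }
    $group = $groups[0]
    if (-not $group.SecurityEnabled) {
        throw "'$GroupDisplayName' is not a security group."
    }

    $user = Get-MgUser -UserId $UserPrincipalName -ErrorAction Stop

    # Direct members only, which is what the Members tab in the admin center lists.
    $memberIds = @(Get-MgGroupMember -GroupId $group.Id -All | ForEach-Object Id)
    if ($memberIds -contains $user.Id) {
        Write-Output "$UserPrincipalName is already a member of '$GroupDisplayName'."
        return
    }

    if ($PSCmdlet.ShouldProcess($UserPrincipalName, "Add to '$GroupDisplayName'")) {
        New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
        Write-Output "Added $UserPrincipalName to '$GroupDisplayName'."
    }
}

# Placeholders below are hypothetical; -WhatIf previews the change without making it.
Connect-MgGraph -Scopes 'GroupMember.ReadWrite.All', 'User.Read.All'
Add-UserToEnvironmentGroup -GroupDisplayName '<environment security group>' `
    -UserPrincipalName '<user@tenant.onmicrosoft.com>' -WhatIf
```

Remove `-WhatIf` once the preview shows the intended user and group.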
Canvas App – User is a member of the Security Group assigned to the Environment
Now that Kaylee is a member of the Security Group and has access to the environment, we want to share the Canvas App with her.
To share the Canvas App, Hoban navigates to the Solution.
He clicks the three dots next to the Canvas App he wants to share, and then clicks Share.
He could share it directly with Kaylee but decides that all users in the Security Group that Kaylee belongs to should have access to the Canvas App, so he searches for the Security Group, selects it from the search results and then clicks Share.
Kaylee tries it again, and now has access to the Canvas App!
Model-Driven App – User not a member of the Security Group assigned to the Environment
This scenario involves a Solution with a Model-Driven App.
The Model-Driven App only uses the Account table available in the Dataverse.
Hoban shares the Web link for the Model-Driven App with Kaylee.
When Kaylee tries to access the Model-Driven App, she receives the following error message:
You (XXX@DemoCSUAppInnovation.onmicrosoft.com) need to be added to a security group to access this environment.
Ask your admin to add you to this environment’s security group and then retry accessing this environment. Learn about security groups.
Oh, I should have mentioned that, for whatever reason, Kaylee had been removed from the Security Group, so Hoban adds her back to the Security Group using the Microsoft 365 admin center.
Kaylee tries it again and is still getting an error, but a different error! The new error is as follows:
You don’t have permissions to these records or something may be wrong with the site map. Contact your Dynamics 365 administrator. If you are the administrator, you can go to the solutions page and import a different solution.
Model-Driven App – User is a member of the Security Group assigned to the Environment
Same setup as the previous example, but now Kaylee is a member of the Security Group.
Hoban needs to share the Model-Driven App with Kaylee.
To share the Model-Driven App, Hoban navigates to the Solution.
He clicks the three dots next to the Model-Driven App he wants to share, and then clicks Share.
Hoban decides to share the Model-Driven App with a Security Group.
Since Model-Driven Apps rely on Dataverse, Hoban will need to assign a Security Role to the Security Group.
The only table that is being used is the Account table, so the Basic User Security Role should suffice.
Hoban selects the App and assigns the Basic User Security Role; this allows the Security Role to be selected when sharing with a User or a Security Group.
Hoban searches for the Security Group, selects the Security Group, assigns it the Basic User Security Role and clicks Share.
Kaylee tries it again, and now has access to the Model-Driven App!
One thing to note: if your Canvas App or Model-Driven App uses Dataverse tables, it is recommended to create a new Security Role (or multiple roles) that is specific to the application, give that Security Role the necessary privileges to the Standard and Custom tables, and then use it as the Security Role when sharing the Canvas App or Model-Driven App.
In future blogs we will add some additional features to the Canvas App, such as Connectors and Flows, and see how to share them with our users.