PowerApps – Environment Overview

An environment is defined as a space to store, manage and share organizations business data, apps, and flows.

An environment is a space to store, manage, and share your organization’s business data, apps, and flows.

Environments also serve as containers to separate apps that may have security requirements or target audiences. There are different ways to leverage environments:

  • Build your apps in a single environment.
  • Create separate environments that group the Test and Production versions of your apps.
  • Create separate environments that correspond to specific teams or departments in your company, controlling what apps and data.
  • Different global branches of your company.

Environment scope

Environments are created under an Azure AD tenant. Its resources can only be accessed by users within that tenant. An environment is also bound to a geographic location, for example Australia, that app is routed to only datacenters in that geographic location. To add, items you create in that environment (flows, connections, etc) are bound to the environment location.

When it comes to Common Data Service Databases, environments can have zero or one database. Licencing comes into play when it comes to creating databases. The licence you purchase for PowerApps and you permission will restrict or enable you to create environments. https://docs.microsoft.com/en-us/power-platform/admin/pricing-billing-skus

When you create an app in an environment, that app is only permitted to connect to the data sources that are also deployed in that same environment, including connections, gateways, flows, and Common Data Service databases. For example, let’s consider a scenario where you have created two environments named ‘Test’ and ‘Dev’ and created a Common Data Service database in each of the environments. If you create an app in the ‘Test’ environment, it will only be permitted to connect to the ‘Test’ database, it won’t be able to connect to the ‘Dev’ database. There will be a future blog coming on this area.

Environment permissions

Security roles, or safe guarding roles, environments have two standard roles that provide access to permissions within an environment:

The Environment Admin role – This role can perform all administrative actions on an environment including:

  • Add or remove a user or group from either the Environment Admin or Environment Maker role
    • Provision a Common Data Service database for the environment
    • View and manage all resources created within an environment
    • Set data loss prevention policies.

The Environment Maker role – This role can create resources within an environment including apps, connections, custom connectors, gateways, and flows using Microsoft Flow.

Environment Makers can also distribute apps they build in an environment to other users in your organization by sharing the app with individual users, security groups, or to all users in the organization. Share an app in PowerApps.

Users or groups assigned to these environment roles are not automatically given access to the environment’s database and must be given access separately by a Database owner. Configure database security.

Users or security groups can be assigned to either of these two roles by an Environment Admin from the Power Platform Admin center or PowerApps Admin center.

The default environment

A single default environment is automatically created by PowerApps for each tenant and shared by all users in that tenant. Whenever a new user signs up for PowerApps, they are automatically added to the Maker role of the default environment. Not users will be added to the Environment Admin role of the default environment automatically.

The default environment naming convention is: “{Azure AD tenant name} (default)”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s