►
From YouTube: Power Apps Permissions - Demo
Description
Learn about Power Apps permissions by community guru Daniel Christian.
This demo was taken from the November community call https://youtu.be/fG2_YDG5EDU
For more information, visit https://powerapps.microsoft.com
To attend live, monthly community calls, download the series at
https://aka.ms/powerappscommunity call
Stay connected
Twitter https://twitter.com/microsoft365dev
YouTube https://aka.ms/M365DevYouTube
Blogs https://aka.ms/M365DevBlog
A
One
thing
I
do
want
to
add,
though,
is
that
in
the
last
ignite
that
we
were
there
ignite
sessions,
there
was
such
an
explosion
of
new
environment
level,
permissions
managements
that
are
going
to
coming
out
releases,
and
I
want
to
thank
all
the
product
groups
for
that,
because
right
now,
powerapps
is
being
leveraged
at
such
a
high
enterprise
level,
customers
as
well,
and
they
gave
a
lot
of
feedback
that
we
need
these
levels
of
permissions.
A
These
gaps
of
permissions
need
to
be
filled
and
I
believe
all
those
gaps
are
going
to
be
filled
after
all
these
announcements
that
were
made
so
I
just
wanted.
I
don't
want
to
digress
too
much,
but
I
don't
want
to
call
that
out
all
right.
So
what
we're
going
to
talk
about
today
is
permissions
and
the
you
know
for
me,
people
call
me
as
unconsciously,
optimistic
I'm
also
the
kind
of
guy
who
says
security
first
performance
later.
That
is
all
true
about
me.
A
I
would
like
to
set
something
up
which
is
secure
right
from
the
get-go
and
then
after
that
I
don't
have
to
worry
about
it.
So
what
I'm
going
to
do
today
is
in
the
you
know,
in
the
short
period
of
time,
I'm
actually
going
to
tell
you
how
I
can
handle
permissions
at
the
service
level,
which
is
the
power
platform
service,
powerapps
power
automate
at
the
environment
level
and
at
the
app
level
specifically
on
the
app,
is
inside
the
app
at
the
controls
and
at
the
app
outside
over
there
right.
A
A
I've
set
up
some
functionalities
and
formulas
such
that,
if
you
are
a
person
working
which
this
is
your
start
time,
and
this
is
your
end
time
and
if
you
don't
show
up
at
that
time,
you
can't
open
up
this
app
and
put
in
a
you
know
your
your
start
time
and
your
end
time.
It's
actually
very
simple
how
I
was
able
to
accomplish
that.
So
let
me
just
show
you
what
was
some
of
the
tricks
to
it.
A
So
when
I
come
in
over
here,
normally
there
would
actually
be
a
button
and
then
that
button
over
here
it
would
actually
come
in,
and
you
know
this
button
would
say
this
is
your
start
time,
but
one
of
the
first
things
I've
done
is
right
at
the
app
loading
when
the
app
on
start
happens
over
here,
I've
got
a
simple
variables.
You
know
over
here
the
variables
which
is
go
ahead
and
get
me.
What
is
the
login
user?
A
Make
that
call
one
time
and
I've
already
got
the
login
used
over
there,
but
what
I'm
also
doing
is
the
user
who
has
logged
into
the
app
who's
using
the
app
I
am
going
and
taking
the
email,
which
is
a
very
unique
identifier
for
that
user.
I'm
grabbing
that
email
address
and
I'm
doing
a
check
against
a
list.
It
could
be
a
sharepoint
list,
it
could
be
a
cds
entity
oops.
I
said
entity
it's
cds
table
now.
A
It's
the
cds
table,
your
sql.
Whatever,
whatever
is
the
backend
you
have
over
there,
you
go
ahead
and
reference
it
over
there.
So
here's
what
I
did.
I
got
a
sharepoint
list
over
here,
quick
and
easy,
and
I've
got
a
list
running
which
is
basically
telling
me
the
employee
name
the
days
of
the
week
and
then
the
hours
of
the
start
and
end
time.
This
is
it.
A
So
as
long
as
they
fall
into
that
hour
limitation
go
ahead
and
display
the
button
over
there.
But
if
that
hour
you
know,
time
span
has
has
elapsed,
then
go
ahead
and
hide
the
button.
So
it's
actually
a
very
simple
logic
to
go
ahead
and
put
in
this
visible
functionality
over
there,
and
you
know
running
it
against
over
there.
So
now
what
happens
is
well,
obviously,
employees
change
their
routine
holiday
seasons
coming
up
whatever
very
simple.
You
don't
have
to
be
a
developer
to
go,
make
any
changes.
A
The
everyday
manager
supervisor
you
know
can
come
over
here
and
say:
okay
yeah,
this
is
pretty
simple:
straightforward.
Daniel
is
going
to
be
working
overtime
during
the
holiday
season,
so
I
just
got
to
make
sure
that
he
is
yes
for
all
these
other
dates
as
well
and
he's
going
to
put
in
some
12-hour
shifts.
A
You
might
even
find
a
way
to
just
take
this
data,
put
it
into
the
app
and
for
the
app
you
can
go
ahead
and
make
the
changes
over
there
kudos
to
you
guys,
that's
completely
possible
on
that
way
over
there.
So
I
want
to
switch
gears
now
because
we
talked
at
the
inside
of
the
app
level
right
at
the
control
level.
That's
the
first
level
of
permissions
that
we
can
handle.
Now,
let's
just
look
at
the
app
itself.
Now
I
know
most
of
you
already
do
this,
but
I
still
want
to
talk
about
it.
A
Is
that
at
the
app
there's
several
ways
to
give
permissions
to
the
app
one
of
them
is,
I
can
actually
go
into
the
app
I
can
go
to
the
share
and
in
the
share
I
can
add
all
the
users
over
there
and
that
usually
works
great
from
a
small.
You
know
a
a
you
have
a
department
over
there.
You've
got
five
six
people
in
the
department.
That's
great!
You
go
ahead
and
put
that
in
you.
You
share
the
app
at
the
user
level,
it
all
works.
A
Obviously
you
need
to
make
sure
that
the
users
have
access
to
the
backend
database
over
there.
In
my
case,
I've
got
to
make
sure
that
the
users
also
have
access
to
the
sharepoint
list
over
there.
So
that's
you
know
one
of
the
backend
things
that
have
to
happen,
but
once
all
the
back-end
databases
it's
taken
care
of,
you
can
go
ahead
and
actually
even
see
how
you
know
the
app
is
configured
because
over
here
in
the
app
I've
used,
a
security
group
now,
first
tip
tip.
A
I
want
to
use
I'm
going
to
be
throwing
a
lot
of
tips
out
there.
I
personally,
when
I
set
up
a
security
group,
do
it
at
the
azure
80,
don't
go
and
do
it
at
the
microsoft
365
admin
over
there.
Azure
80
just
helps
to
do
look
at
a
lot
more
properties
over
here.
So
I
always
do
mine
at
the
azure
808
here.
So
I
come
over
here
into
the
security
groups,
and
this
is
when
I
mean
I
go
into
the
azure
80.
A
I
go
into
the
groups
and
I
go
and
I
create
a
new
group.
I
go
ahead
and
create
a
security
group,
and
this
is
how
I
personally
do
my
naming
convention,
because
at
the
at
the
broader
entity,
tenant
level
when
either
you
are
the
global
admin
or
you
are,
you
know
or
you're
putting
in
a
ticket
request
to
your
azure
team.
Tell
them
that
I'm
putting
in
the
request
for
powerapps,
but
you
are
the
one
responsible
for
putting
in
that
security
group
name.
A
So
when
it
comes
to
a
app
say,
it
is
an
app
and
this
is
why
I've
gone
ahead
and
done
that
I've
actually
gone
ahead
and
said
that
pa
for
powerapps
and
it
is
a
timesheet,
app
dash
sg.
Now
this
is
the
the
you
know,
the
the
syntax
I
use
you
can
put
the
sg
before
after
whatever
come
up
with
the
naming
convention.
That
makes
sense
to
you
and
that's
how
you
want
to
use
it
over.
A
There
see
I've
come
up
with
the
different
flavors
I've
done,
pa
I've
done
power,
apps,
whatever
works
for
you,
but
make
it
kind
of
very
user
friendly.
I
personally
use
the
kiss
technique
kisses.
Keep
it
simple
stupid!
That's
what
I
do.
It
just
works
for
me
now,
so
we
went
ahead
and
did
that
and
then
that
one
is
assigned
right
into
the
app
level
over
here
all
right
now,
let's
switch
gears
because
we
took
out
care
of
the
controls
inside
we
took
care
of
the
apps.
A
Now
I'm
going
to
go
and
take
it
to
the
next
level
is
at
the
environment
level.
So
at
the
environment
level,
you've
got
to
be
the
power
platform.
Admin
over
there-
and
I
want
to
stop
and
talk
about
that,
because
many
people
think
that
they're
the
power
platform
admin
and
the
reason
they
think
that
is
because
they
say
well.
A
I
can
come
in
over
here
and
I
can
go
to
the
settings
gear
over
there
and
I
can
go
to
the
admin
center
and
I
have
the
power
platform
admin
remember
when
you
log
in
everybody
logs
in
as
the
maker.
But
if
you
are
not
the
admin
you're
not
going
to
see
a
lot
of
stuff
away,
you
might
only
see
access
to
your
things,
but
one
of
the
big
things
that
you
will
not
see
is
you
won't
see
the
default
one
over
there.
So
kind
of
keep
that
in
mind.
A
Make
sure
that
when
you're
starting
to
work
with
the
the
power
platform
and
sections
over
there
have
access
be
very
confident
that
you're
the
power
platform
admin
and
to
do
that
is
you
go
into
the
azure
80
you
go
and
look
at
the
security
rules
over
there
and
add
yourself
to
the
power
platform
admin.
I've
got
a
whole
bunch
of
videos.
Just
on
that
topic,
all
right.
Coming
back
to
the
discussion
I
had
so
I'm
going
to
go
back
over
here
to
the
power
platform
admin.
A
My
app
was
in
this
environment
over
here,
so
I'm
going
to
click
on
that
and
now
at
the
environment
level,
I've
gone
ahead
and
added
a
security
group.
What
does
that
mean?
What
that
means
is
that
people
in
this
security
group
have
access,
have
access
not
only
to
the
environments,
but
those
are
the
people
who
can
be
also
the
makers
and
the
admins
to
that
environment.
A
Very
important
thing
for
you
to
know
that,
because
what
happens
is
many
times
if
you've
gone
ahead
and
created
an
environment
and
if
you
haven't
assigned
a
security
group,
then
everybody
has
access
to
that
environment.
When
I
say
that
some
people
freak
out
about
it,
this
isn't.
What
do
you
mean?
Everybody
has
access
to
everything
in
the
environment,
saying
no?
No,
no,
they
don't
have
access
to
everything.
A
What
they
do
is
they
have
access
to
get
into
the
environment
over
there
in
the
environment
level,
all
they
see
is
all
you've
given
them
access
to,
which
means
they
could
come
into
an
environment,
and
it
could
be
blank
or
they
would
just
see
those.
You
know
the
out
of
the
box
templates
apps
over
there,
but
they
would
not
be
able
to
see
your
app.
However,
they
have
the
door
to
walk
into
that
so
kind
of
keep
that
in
mind.
A
Now
let
me
pause
over
here
and
answer
this
one
question,
because
whatever
is
always
this
misconception,
people
have
is
that
well,
do
people
need
to
be
in
that
security
group
to
even
use
the
app
and
the
answer
to
that
is
no,
as
long
as
the
users
have
the
access
to
the
data
source
in
the
back
end
and
as
long
as
the
users
have
basically
just
the
link
to
the
app
they
don't
need
to
be
part
of
the
security
group
to
use
the
app
only
the
makers
and
the
environment
admins
need
to
be
in
part
of
that
security
group.
A
So
it's
a
very
important
feature
that
you
need
to
understand
is
that
users
don't
need
to
be
part
of
the
security
group.
Is
the
makers
and
the
admins
right,
so
we
covered
the
environment
level
now.
Finally,
let's
switch
over
and
look
at
the
entire
tenant
level.
Now
the
tenant
level,
I
can
go
back
into
the
azure
id
over
here
and
there's
a
couple
of
things
you
need
to
do.
Tenant
level
usually
boils
down
to
licenses
now
in
the
licenses.
A
There's
always
these
questions
that
come
up
to
me
is
that
daniel,
in
order
for
them
to
use
permissions,
and
things
like
that,
do
I
need
to
give
them.
You
know
this
level
of
access
like
if
they're
doing
any
of
the
e3s
or
you're
doing
e5s.
The
broad
ball
boils
down
to
the
data
source.
What
are
the
connectors
that
you're,
using
and
based
on
that?
You
can
go
ahead
and
use
it.
A
There
is
something
called
as
self
service
sign
up
products
now
in
the
sell
service
final
products
by
default.
There
is
all
of
these
products
already
set
up
over
there.
Now,
if
you
have
a
scenario
where,
if
your
user
is
part
of
the
power
apps
and
now
that
you
just
want
to
make
sure
that
user
doesn't
have
part
of
any
of
the
power
apps
on
the
power
app
site
well,
actually
on
both
the
sides,
specifically
on
the
power
app
side.
A
Initially,
when
this
is
a
brand
new
user,
that
user
just
cannot
get
into
the
power
apps
if
no
license
is
assigned.
In
fact
they
pop-up
comes
up
saying
you
can
go
and
I
have
a
trial,
and
if
you
subscribe
for
the
trial,
then
you
can
use
that
on
the
power
automate.
It
actually
automatically
assigns
to
you
a
trial
license
over
there.
If
you
want
to
completely
block
that
this
is
where
you
come
into
the
azure
id,
and
then
you
go
ahead
and
take
something
off
now,
a
very,
very
important
thing.
A
I
think
that
you
don't
listen
to
anything.
Listen
to
this
is
that
this
only
works
once
after
a
user
has
been
using
this
for
a
while,
and
you
go
take
this
off.
The
users
usually
still
have
access
to
at
least
the
default
environment,
even
if
you
take
all
of
these
off
now,
there's
other
ways
to
go
ahead
and
make
sure
that
you
even
block
that
one
of
them
is
just
disable
the
accounts
altogether.
The
employees
left
the
company,
but
this
is
basically
the
final
level
over
here.
A
Is
that
if
you
don't
want
users
to
have
self-service,
go
ahead
and
take
this
off,
but
if
a
user
has
been
using
it
for
a
while,
this
may
not
always
work
for
you
and
I'm
always
saying
it
may,
because
you
know
you
could
customize
your
permissions
at
that
level.
So
as
an
overview.
This
is
basically
all
that
we
accomplished
over
here.
We
went
ahead
and
talked
about
it
from
a
self-service
standpoint
right
at
the
service
level.
He
went
and
talked
about
it
at
the
environment
level,
at
the
environment
level.
A
I
was
said
that
you
know
you
all
breaking
okay
down
on
the
permissions
over
there
with
a
security
group
tied
to
the
environment
inside
the
environment.
I
had
an
app
on
the
app
itself.
I
use
the
security
group
and
then
even
inside
the
app
when
it
comes
to
controls,
I
can
use
it
based
on.
You
know
either
a
database
over
there,
which,
whatever
is
the
databases
in
the
backend
or
you
could
even
use
securities
inside
the
app
over
there
and
I'm
going
to
leave
that
as
a
whole
separate
discussion
altogether.
A
B
Great
overview,
daniel,
that's
for
sure,
and
like
you
said,
that
is
a
total
overview
right
I
mean
when
you
really
start
digging
into
the
weeds
on
some
of
these
things,
there's
a
whole
lot
more
to
learn.
I
know
you
have
a
lot
of
videos
on
that.
I've
got
a
couple,
I'm
trying
to
think
who
else
does
I
think
reza
put
together
a
security
permission?
Video
too
lots
to
learn
there
thanks
for
the
great
overview
and
crash
course
at
the
different
level
here,
where
you
can
apply.