Model Driven Apps (Part 1)

Dataverse users, business units and security roles

Users

The illustration below shows p8lf's organization structure.

The individuals listed below will receive Dataverse security roles aligned with their duties.

p8lf users

Environments

Power Apps environments are logical containers within the Microsoft Power Platform where you can build, test, and deploy apps, flows, and other solutions. These environments provide a structured way to manage and govern your Power Apps and Power Automate (formerly known as Microsoft Flow) resources. Here are some key aspects of Power Apps environments:

Isolation: Environments provide a way to isolate different projects, teams, or departments within your organization. Each environment has its own set of resources and settings, making it easier to manage and control access to data and solutions.

Security: Environments allow you to define security policies and permissions at the environment level. This means you can control who has access to the resources and data within a particular environment.
Development and Testing: Environments support the development and testing lifecycle of your Power Apps and Power Automate solutions. You can create a development environment for building and testing your applications before promoting them to a production environment.

Data Sources: You can connect environments to different data sources, such as SharePoint, SQL databases, or custom connectors. This allows you to access and manipulate data as needed for your apps and flows.

Deployment: Environments facilitate the deployment of solutions from one environment to another. You can move apps, flows, and other components from a development or test environment to a production environment when they are ready for use.

Governance: Environments help organizations enforce governance policies by separating environments for different purposes and controlling access to resources. This is crucial for maintaining data integrity and security.

Versioning: You can maintain different versions of apps and flows in separate environments. This allows you to keep track of changes and revert to previous versions if necessary.

Sandbox Environments: Power Apps also offer sandbox environments, which are ideal for testing and experimentation. They provide a safe space to try out new ideas without affecting production environments.

In summary, Power Apps environments are essential for managing and organizing your Power Platform resources effectively. They provide a structured approach to development, testing, deployment, and security, helping organizations make the most of the Power Apps and Power Automate capabilities while maintaining control and governance.

I created the Develop environment. The p8lf (default) environment was provided by Microsoft.

Solutions

In the context of Microsoft Power Platform, "Solutions" refer to containers or packages that allow you to group and manage related components such as apps, flows, custom connectors, and more. Solutions provide a way to organize, deploy, and package your Power Platform assets, making it easier to manage and transport them across different environments. Here are some key aspects of Power Platform Solutions:

Organizational Structure: Solutions help you organize your Power Platform assets logically. You can group components that belong to a specific project, department, or business process within a solution.

Version Control: Solutions support version control for your components. You can maintain multiple versions of a solution, allowing you to track changes, implement updates, and roll back to previous versions if needed.
Portability: Solutions make it easy to transport your apps, flows, and other components between different environments, such as from a development environment to a production environment. This simplifies the deployment process.

Dependency Management: Solutions automatically manage dependencies between components. When you include a component in a solution, it will also include any related components required for it to function properly.

Managed and Unmanaged Solutions: There are two types of solutions: managed and unmanaged. Managed solutions are typically used for distributing and protecting your intellectual property, as they prevent users from modifying the included components. Unmanaged solutions, on the other hand, allow users to make changes to components within the solution.

Security: Solutions allow you to specify security roles and permissions for the components within them. This ensures that only authorized users have access to specific parts of the solution.

Distribution: You can distribute solutions to other organizations or tenants, making it easier to share your applications and customizations with external parties or clients.

Export and Import: You can export solutions as package files (managed or unmanaged) and import them into other environments or instances of the Power Platform. This is particularly useful for promoting changes from development to testing and production environments.

Lifecycle Management: Solutions are a key component of the Power Platform's application lifecycle management (ALM) process, allowing you to define and manage the various stages of development, testing, and deployment.

Overall, Power Platform Solutions are essential for structuring, managing, and controlling your Power Platform assets, ensuring that you can efficiently develop, maintain, and distribute applications and customizations within your organization and across different environments.

Solutions in the Develop environment

Publishers in the Develop environment

Suggestions

As a demonstration I created a Suggestions model driven app.

The steps are shown below.

I created a Suggestions solution in the Develop environment

I added a Suggestion table to the Suggestions solution

I updated the type of the Name column from Single line of text to Autonumber

I added an Autonumber prefix (and updated Required to Optional)

I added a Suggested Details column

I updated the Active Suggestions view (I clicked the Save and publish button)

I updated the Main form (I clicked the Save and publish button)

I created a model driven app

I added a page to the model driven app

I clicked the Publish button

I clicked the Export solution button

I clicked the Export button

I downloaded the solution

I switched to the p8lf (default) environment

I imported the managed solution

The suggestions solution was imported successfully

The Suggestion table was created

The Suggestions app was created

Clicking the Suggestions button on the navigation menu opened the Active Suggestions view

I created a new Suggestion and clicked Save & Close

I can see my suggestions

What can Isaiah see?

Logged into office.com as IsaiahL@p8lf.onmicrosoft.com

Isaiah is unable to run the Suggestions app

I checked what security roles were enabled for Isaiah 

Basic User security role was enabled

Environment Maker security role was enabled

Environments and Solutions

The Basic User security role grants privileges to the core business tables, such as Account, Contact, and Activity. Basic Users can access out-of-the-box entities only. Basic Users can run an app in the environment and perform common tasks on the records they own.

An Environment Maker can create new resources associated with an environment, including apps, connections, custom APIs, gateways, and flows using Microsoft Power Automate. However, this role doesn't have any privileges to access data in an environment.

Neither of these security roles allowed Isaiah to access the Suggestions table (or to run the Suggestions app)

Isaiah is unable to access the Suggestions table (or to run the Suggestions app)

I returned to the Develop environment and added a Security role

The quarter yellow circle shows that the permissions apply to the record owner.
Suggestion table permissions (User)

I exported the updated solution

I imported the updated solution

I added Suggestions Maker role to user Isaiah

Security roles have been updated for Isaiah Langer

Isaiah added a Suggestion

Isaiah could only see his suggestion

Lidia can not see Isaiah's suggestion

Lidia added a suggestion

Lidia can only see her suggestion

Lynne can not see Lidia or Isaiah's suggestions

Lynne added a suggestion

Lynne can only see her suggestion

I can see all of the suggestions because I am an administrator

Business Units

Lee and Lidia are in the same Manufacturing Business Unit.

As Director of the Manufacturing we would like Lee to be able to read and manage all suggestions made by anyone in his Business Unit.

I added a security role that will allow a user to manage Suggestions for their Business Unit

The half yellow circle shows that the permissions apply to the business unit.
Suggestion table permissions (Business Unit)

I created a Sales & Marketing business unit

I created an Operations business unit

I created a Manufacturing business unit

The org6bf9e824 Business Unit is the parent of the Sales & Marketing, Manufacturing and Operations Business Units 

I set the Business Unit for Adele Vance (and the other users)

I updated Lee Gu's security roles

I added the Suggestions for Business Unit Security Role

Lee can see the Suggestion made by Lindia because Lee has the Suggestions For Business Role and Lindia and Lee are both in the Manufacturing Business Unit