{Power 2020 Tip # 8} Know-how of out of box Security roles in a Power Apps environment

First of all, happy to share that this is my 399th post!

One of the ask while using Power Apps is getting the Security configuration absolutely right. Since we are storing business data which is critical to the organization, it is absolutely important to be able to get the security roles on your Environments right. Not only that, we need to be able to understand the out of box Security roles that are available in a Power Apps environment.


Power 2020 Tip # 7 talked about the hidden gem from Microsoft which is the Minimum security role which should be your starting point for custom roles: https://dynamicsofdynamicscrm.com/2020/01/13/power-2020-tip-7-minimum-security-role-required-to-run-a-powerapp/

In the blog, we will try to understand the other packaged out of box security roles in more detail:

Security Role Name Usage
System Administrator God mode of the environment. Has complete privileges on environment to customize or administer it. Has full access to all the data in the environment.
System Customizer Demi god mode of the environment. Has complete privileges on environment customizations. Only has access to environment entities that they created.
Environment Maker Has privileges required to create any new resources required for the environment such as custom APIs, Gateways, Power Automate, etc. Has no access to data in the environment.
Common Data Service User Has ability to run an app within the Environment and perform tasks on the non-custom entities that they own within the environment.
Delegate Has the ability to impersonate another security role on the environment. Used when it is required to run on behalf of any other user(security wise)

Hope this quick table will help you to utilize the environment out of box Security roles well.

Please note that this is summarized version with reference from Microsoft docs.

Hope it helps and Power 365ing as usual!

Any problem in Power Platform or Dynamics 365 – end user, Microsoft partner or an individual?

Problem Area – Technical, Functional, Training, Development or consulting?

I am here to help, get in touch here: Click here




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s