Introduction
In an organization there are multiple users belonging to different business verticals, each with different business requirements and expectations. They therefore need some logical separation from users of other business verticals.
Environments in Power Platform help us meet this expectation by offering a space to store, manage and share the organization's business data, applications and flows. An environment acts as a container for these applications, with access restricted to a specific set of users.
By default, when we set up Power Platform, a default environment is created that allows all users in the organization to access the business data and applications. Its name contains the word “Default”.
As needs and requirements dictate, we can create a new environment and restrict access to it to a specific set of users. Its database will contain only certain common tables, with the flexibility to create new tables based on roles and permissions.
Steps to create an environment
- Log in to the admin portal of Power Platform.
- Click the “New Environment” button to start creating the environment.
- While creating the environment, we can choose the following:
  - Whether we want to create an environment with Common Data Model, or just an environment without any database to contain the flows and other applications
  - The user security group to which we want to offer access to the environment
Every environment we create is created under an Azure AD tenant, so all its resources are accessible only to the users and applications that are part of that tenant. Access to the components of an environment can be shared only with users who have been created in that instance; cross-domain access to environments is not allowed.
In addition, every environment that is created is bound to a geographical location based on the geography of the tenant, so all its apps are routed only to that specific geographical data center.
Applications are specific to the environment: applications created in a given environment are permitted to connect to and interact with only the data sources that have been created and deployed in the same environment. For example, a flow created in environment X will be able to interact with components only in environment X.
Environment Permissions
Microsoft offers two built-in roles that help us control a user's access to an environment.
- Environment Admin Role
As the name suggests, this is an admin role. It gives a user the permissions needed to add users to and remove users from the environment in Power Platform.
- Environment Maker Role
This role gives an individual permission to create new resources in the environment, including flows, connections, custom connectors, gateways and much more.
Who can see an Environment?
Every user who is created in Office 365 is added by default to the default environment with the permissions of the Environment Maker Role, so they can contribute to that environment by creating new apps, flows and resources in it.
New environments created in the admin section are visible only to users who meet any of the criteria below:
- The user is a member of the Environment Admin Role
- The user is a member of the Environment Maker Role
- The user has “Contributor” access to at least one app within the environment