Share a model-driven app
Share a model-driven app to make it available so other users can play it. Sharing includes the following steps:
- Identify the security roles to use for the app
- Assign security roles or people to a model-driven app
- Share the link to the app
If your app contains only out-of-the-box tables, such as account or contact, you can use an existing predefined security role.
Model-driven app sharing basics
Model-driven apps use role-based security for sharing. The fundamental concept in role-based security is that a security role contains privileges that define a set of actions that can be performed on tables within the app. This approach means that while two people are able to use the app, one user might only be able to read records, or records that they themselves created. The other user might be able to see all records and have the rights to delete those records.
All app users must be assigned one or more predefined or custom security roles. Or, security roles can be assigned to teams. When a user or team is assigned to one of these roles, the person or team members are granted the set of privileges associated with that role.
The process for sharing a model-driven app is different from sharing a canvas app. Model-driven app sharing depends on how the Microsoft Dataverse data table privileges are assigned for the tables that are in the app. If security roles aren't already defined for your app, contact your Power Platform administrator to create them for you.
More information: Create or edit a security role to manage access
Assign security roles or people to a model-driven app
When you share a model-driven app, you can share it with all members of one or more security roles or a user or team.
Sign in to the Power Apps, on the left navigation pane select Apps, next to the app you want to share select …, and then select Share.
From the Share app name pane, choose from the following options:
- Select the app, and then select the drop-down list in the right pane to display all available security roles. Select the security roles you want from the security role dropdown list.
If your app has one or more custom tables, contact a Power Platform administrator to configure privileges to the custom tables in a security role. This is necessary in order for users to work with your custom table's records in the app. More information: Create or edit a security role to manage access
To assign an individual user or team, select the user name or team from the People list.
If your app contains premium components, such as a map or address input components, users must have a Power Apps license to use the app. To request licenses for the users of your app, select Request licenses to submit a license request to your admin.
You can't request licenses for security groups or distribution lists. For more information about requesting licenses, see Request Power Apps licenses for your app users.
Share the link to the app
Unlike sharing canvas apps, sharing model-driven apps doesn't currently send an email with a link to the app.
To get the direct link to an app:
Go to Power Apps.
Select Solutions from the left navigation pane. If the item isn’t in the left navigation pane, select …More and then select the item you want.
Open the solution that contains the model-driven app.
Select the model-driven app, and then select Edit on the command bar.
In the classic designer, select the Properties tab, and then copy the Unified Interface URL.
Paste the app URL in a location so that your users can access it, such as by posting it on a Teams channel, SharePoint site, or sending via email.
App sharing privilege and licensing requirements
There are a few key environment and licensing prerequisites required when sharing a model-driven app with a user.
- A Microsoft 365 user with Power Platform administrator rights or global admin rights must exist within the organization. Learn how to assign Power Platform Administrator rights. This provides the user with administrator rights over all environments.
- The app sharer must have admin privileges to the specific environment (or be a Power Platform administrator). The app sharer must have a security role with equal or greater privileges than the security role they're assigning to the app and to other users. Usually, this takes the form of the app sharer having the Dataverse System Administrator or System Customizer security role. These roles can be assigned by Power Platform administrators (who have rights over all Dataverse environments). The system administrator and system customizer security roles are standard roles that exist within all Dataverse environments.
- The user must exist as a user within the environment. It isn't enough to only be a Microsoft 365 user. This is because all users in an environment are accounted for and described within tables in the environment. Learn how to add a user to an environment
- Users must have the correct license to be able to use the app. Users can request a license themselves, or a maker can request licenses for their app users. Also, the license must be assigned in the tenant hosting the app. The exception to this prerequisite is when an app is hosted in a Microsoft Dataverse for Teams environment.
About predefined security roles
There are several predefined roles available with Dataverse. To run apps that use only out-of-the-box tables, there's the Basic User security role, where members can play the app within the environment and perform common tasks for the records that they own. More information: Predefined security roles
Use Microsoft Entra groups to manage access
Administrators can use their organization’s Microsoft Entra groups to manage access rights for licensed Dataverse users. Both types of Microsoft Entra groups—Microsoft 365 and Security—can be used to secure user-access rights to an app. More information: About group teams