Document view-only access pattern for model-driven apps

[Copilot]

Dataverse Share dialog only displays security roles with Customize/Admin privileges by design. View-only roles like "Power Platform User SR" don't appear, causing confusion when granting read access to CoE apps.

Changes

• New FAQ: CenterofExcellenceResources/FAQ-GrantingAccessToCoEApps.md

  • Explains why read-only roles are hidden in Share dialog (platform limitation)
  • Documents correct pattern: assign security roles via Power Platform Admin Center → Users → Manage security roles
  • Covers Power Platform User SR, Maker SR, and Admin SR role permissions
  • Troubleshooting for common access issues
  • Patterns for small/medium/large organizations

• Updated README files: Added FAQ links under Administration section

• Issue response template: Added reusable response for this common question

Correct Pattern

Instead of using the Share dialog (which won't show read-only roles):

1. Power Platform Admin Center → Environment → Settings → Users + permissions → Users
2. Select user → Manage security roles
3. Assign Power Platform User SR for read-only access
4. (Optional) Share app for visibility, but data access is controlled by security role

The Share dialog is for app visibility; actual permissions are security role-based.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>How to Grant View Access to Power Platform CoE Toolkit Model driven apps.</issue_title>
<issue_description>I’ve completed the installation of the CoE Starter Kit. I would now like to grant view-only access to other users. However, when I try to share the app, I only see high-privilege security roles such as Power Platform Admin, System Administrator, and System Customizer.

In the solution explorer, I can see roles like Maker and User, but they do not appear when I attempt to grant access. I have also created a custom security role in the environment with Organization read-only access to all tables, but that role does not appear either.

I would appreciate guidance on how to provide view-only access to the CoE Starter Kit apps—specifically the Power Platform Admin View app.

</issue_description>

<agent_instructions>Provide answer to this issue.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@mohamrizwa Hi @parsamsandeep, **Power Platform Admin View is a Model‑Driven App (MDA) built on Dataverse.** When you click Share on a model‑driven app:

• The dialog does NOT show all security roles
• It only shows roles that have “Customize” or “Admin‑level” privileges
• This is by design and has been confirmed in Microsoft guidance
  That’s why you only see roles like:

✅ System Administrator
✅ System Customizer
✅ Power Platform Admin

✅ Correct way to give view‑only access to CoE Starter Kit MDAs
You must grant access at the security role level, not the app‑share dialog.
✅ Supported and recommended pattern

• Create (or reuse) a Dataverse security role
• Assign Read (Organization) access only
• Assign the role directly to users
• Do not share the app itself</comment_new>

Custom agent used: CoE Custom Agent
Specialized agent for triaging and fixing issues in the CoE Starter Kit. Always consult the official CoE docs and the team’s SharePoint notes first, then mine prior GitHub issues and the CoE Common Responses playbook.

• Fixes How to Grant View Access to Power Platform CoE Toolkit Model driven apps. #10715

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.