PowerApps 中的環境系統管理Environments administration in PowerApps

PowerApps 系統管理中心,管理您已建立的環境,以及已將您新增至環境系統管理角色的環境。In the PowerApps admin center, manage environments that you've created and those for which you have been added to the Environment Admin role. 您可從系統管理中心執行以下系統管理動作︰From the admin center, you can perform these administrative actions:

  • 建立環境。Create environments.
  • 重新命名環境。Rename environments.
  • 以環境管理員或環境製造者角色新增或移除使用者或群組。Add or remove a user or group from either the Environment Admin or Environment Maker role.
  • 為環境佈建 Common Data Service 資料庫。Provision a Common Data Service database for the environment.
  • 設定資料外洩防護原則。Set Data Loss Prevention policies.
  • 設定資料庫安全性原則 (以各種資料庫角色來開啟或限制原則)。Set database security policies (as open or restricted by database roles).
  • Azure AD 租用戶全域管理員角色 (包括 Office 365 全域管理員) 的成員,可以管理所有在其租用戶中建立的環境,並且設定租用戶通用原則。Members of the Azure AD tenant Global administrator role (includes Office 365 Global admins) can also manage all environments that have been created in their tenant and set tenant-wide policies.

存取 PowerApps 系統管理中心Access the PowerApps admin center

存取 PowerApps 系統管理中心:To access the PowerApps admin center:

若要透過 PowerApps 系統管理中心管理環境,您必須具備下列其中一個角色:To manage an environment in the PowerApps admin center, you must have one of these roles:

  • 環境的環境管理員角色,或是the Environment Admin role of the environment, or
  • Azure AD 或 Office 365 租用戶的全域管理員角色。the Global Administrator role of your Azure AD or Office 365 tenant.

您還需要 PowerApps 方案 2 或 Flow 方案 2 才能存取系統管理中心。You also need either PowerApps Plan 2 or Flow Plan 2 to access the admin center. 如需詳細資訊,請參閱 PowerApps 定價頁面For more information, see the PowerApps pricing page.

重要:在 PowerApps 系統管理中心所做的任何變更都會影響 Flow 系統管理中心;反之亦然。Important: Any changes that you make in PowerApps admin center affect the Flow admin center and vice versa.

建立環境Create an environment

首先,請按一下 [+ 新增環境] 開啟對話方塊,然後建立環境。First, click + New environment to open a dialog box and create an environment.

接著輸入下列資訊︰Then enter the following info:

屬性Property 說明Description
環境名稱Environment name 輸入環境的名稱。Enter the name of your environment.
地區Region 選擇要託管環境的位置。Choose the location to host your environment. 建議使用最接近使用者的位置。We recommend using a location closest to your users. 例如,假設應用程式的使用者位於倫敦,則選擇歐洲位置。For example, if your app users are in London, choose a Europe location. 假設應用程式使用者位於紐約,則選擇美國。請參閱支援區域,取得支援環境區域的清單。If your app users are in New York, choose the U.S. See Supported regions for a list of supported environment regions.
為此環境建立資料庫Create a database for this environment 選取此核取方塊,為環境建立 Common Data Service 資料庫。Select this check box to create a Common Data Service database for this environment. 資料庫可設定讓開放環境中所有使用者使用,或僅限某些資料庫角色使用。A database can be configured to either be open to all users in the environment or restricted to database roles. 如需詳細資訊,請參閱設定資料庫安全性For more information, see Configure database security.

最後,請選取 [建立環境]Finally, select Create an environment.

此時環境表中會出現新環境。The new environment appears in the environments table.

注意

在您建立環境時,系統會將您自動新增至該環境的「環境管理員」角色。When you create an environment, you are automatically added to the Environment Admin role for that environment.

檢視環境View your environments

當您開啟系統管理中心時,依預設會出現 [環境] 索引標籤,並列出您在其中具有環境管理員角色的環境 (如下所示):When you open the admin center, the Environments tab appears by default and lists all the environments for which you are an Environment Admin (as shown below):

如果您是 Azure AD 或 Office 365 租用戶的全域管理員角色成員,則會出現由您租用戶中的使用者建立的所有環境,因為系統已自動將您新增為這些環境的環境管理員。If you are a member of the Global Administrator role of your Azure AD or Office 365 tenant, all the environments that have been created by users in your tenant appear, because you're automatically an Environment Admin for all of them.

重新命名環境Rename your environment

  1. 開啟 [PowerApps 系統管理中心],在清單中尋找要重新命名的環境,然後按一下或點選該環境。Open the PowerApps admin center, find the environment to be renamed in the list, and click or tap it.

  2. 按一下或點選 [詳細資料]Click or tap Details.

  3. [名稱] 文字方塊中輸入新名稱,然後按一下 [儲存]in the Name text box, enter the new name, then click Save.

刪除環境Delete your environment

  1. [PowerApps 系統管理中心] 中,按一下或點選您要刪除的環境。In the PowerApps admin center, click or tap the environment that you want to delete.

  2. 按一下或點選 [詳細資料]Click or tap Details.

  3. 按一下或點選 [刪除環境] 將環境刪除。Click or tap Delete environment to delete your environment.

為環境建立 Common Data Service 資料庫Create a Common Data Service database for an environment

如果環境還沒有資料庫,環境管理員可依照下列步驟,在 [PowerApps 系統管理中心] 中建立資料庫。If an environment doesn't already have a database, an Environment Admin can create one in the PowerApps admin center by following these steps. 只有擁有 PowerApps 方案 2 授權的使用者可以建立 Common Data Service 資料庫。Only users with a PowerApps Plan 2 license can create Common Data Service databases.

  1. 從環境表中選取環境。Select an environment in the environments table.

  2. 選取 [資料庫] 索引標籤。Select the Database tab.
  3. 選取 [建立資料庫]Select Create a database.

    佈建資料庫時,會出現此確認訊息︰When the database is provisioned, this confirmation message appears:

建立資料庫之後,請選擇安全性模型。After you create a database, choose a security model. 如需詳細資訊,請參閱設定資料庫安全性For more information, see Configure database security.

管理環境的安全性Manage security for your environments

環境權限Environment permissions

在環境中,Azure AD 租用戶的所有使用者都是該環境的使用者。In an environment, all the users in the Azure AD tenant are users of that environment. 不過,如果要讓使用者成為權限更高的角色,則必須將其新增為特定環境角色。However, for them to play a more privileged role, they need to be added to a specific environment role. 環境有兩個內建角色可提供環境內的存取權︰Environments have two built-in roles that provide access to permissions within an environment:

  • 環境管理員角色可對環境執行所有系統管理動作,包括:The Environment Admin role can perform all administrative actions on an environment including the following:

    o 在「環境管理員」或「環境製造者」角色中新增或移除使用者或群組。o Add or remove a user or group from either the Environment Admin or Environment Maker role.

    o 為環境佈建 Common Data Service 資料庫。o Provision a Common Data Service database for the environment.

    o 檢視和管理在環境內建立的所有資源。o View and manage all resources created within an environment.

    o 設定資料外洩防護原則。o Set data loss prevention policies. 如需詳細資訊,請參閱資料外洩防護原則For more information, see Data loss prevention policies.

  • 另一個是環境製造者角色,可在環境內建立資源,包括應用程式、連線、自訂連接器、閘道以及使用 Microsoft Flow 的流程。The Environment Maker role can create resources within an environment including apps, connections, custom connectors, gateways, and flows using Microsoft Flow. 環境製造者也可將其在環境中建置的應用程式散發給組織中的其他使用者。Environment Makers can also distribute the apps they build in an environment to other users in your organization. 並且可以與個別使用者、安全性群組或組織中的所有使用者共用該應用程式。They can share the app with individual users, security groups, or all users in the organization. 如需詳細資訊,請參閱在 PowerApps 中共用應用程式For more information, see Share an app in PowerApps.

若要指派使用者或安全性群組給環境角色,環境管理員可在 [PowerApps 系統管理中心] 中,執行下列步驟:To assign a user or a security group to an environment role, an Environment Admin can take these steps in the PowerApps admin center:

  1. 從環境表中選取環境。Select the environment in environments table.

  2. [安全性] 索引標籤上,選取 [環境角色]On the Security tab, select Environment roles.
  3. 選取 [環境管理員][環境製造者] 角色。Select either the Environment Admin or Environment Maker role.

  4. 在 Azure Active Directory 中指定一個或多個使用者或群組的名稱,或指定要新增整個組織。Specify the names of one or more users or security groups in Azure Active Directory, or specify that you want to add your entire organization.

  5. 選取 [儲存] 以更新對環境角色的指派。Select Save to update the assignments to the environment role.

若要移除使用者或群組的所有權限,請按一下或點選該使用者或群組的 x 圖示。To remove all permissions for a user or a group, click or tap the x icon for that user or group.

注意

將使用者或群組指派給這些環境角色,並不會自動將環境資料庫 (若有) 的存取權授予使用者或群組,且必須由資料庫擁有者分別授予他們存取權。Users or groups assigned to these environment roles are not automatically given access to the environment’s database (if it exists) and must be given access separately by a Database owner. 如需詳細資訊,請參閱設定資料庫安全性For more information, see Configure database security.

資料庫安全性Database security

建立和修改資料庫結構描述,以及連線至環境中佈建的資料庫所儲存的資料等能力,皆由資料庫的使用者角色和權限集合所控制。The ability to create and modify a database schema and to connect to the data stored within a database that is provisioned in your environment is controlled by the database's user roles and permission sets. 您可以從 [安全性] 索引標籤的 [使用者角色][權限集合] 區段,管理環境資料庫的使用者角色和權限集合。如需詳細資訊,請參閱設定資料庫安全性You can manage the user roles and permission sets for your environment's database from the User roles and Permission sets section of the Security tab. For more information, see Configure database security.

注意

環境管理員沒有建立及管理環境資料庫中使用者角色和權限集合的存取權。Environment Admins do not have access to create and manage user roles and permission sets for an environment's database. 此權限僅限於使用者角色為資料庫擁有者的成員使用。This power is limited to members of the Database owner user role.

資料原則Data policies

組織的資料必須受到保護,避免與不應具有資料存取權的對象共用。An organization's data must be protected so that it isn't shared with audiences that should not have access to it. 若要保護此資料,您可以建立並強制執行原則,定義哪些消費者服務和連接器專用的商務資料可供共用。To protect this data, you can create and enforce policies that define which consumer services and connector-specific business data can be shared with. 用於定義資料共用方式的原則稱為資料外洩防護 (DLP) 原則。Policies that define how data can be shared are referred to as data loss prevention (DLP) policies. 您可以從 [PowerApps 系統管理中心][資料原則] 區段,管理環境的 DLP 原則。You can manage the DLP policies for your environments from the Data Policies section of the PowerApps admin center. 如需詳細資訊,請參閱資料外洩防護原則For more information, see Data loss prevention policies.

常見問題集Frequently asked questions

可以建立多少個環境?How many environments can I create?

每個使用者最多可以建立兩個環境。Each user can create up to two environments.

可以佈建多少個資料庫?How many databases can I provision?

每位使用者可佈建最多兩個資料庫。Each user can provision up to two databases.

是否可以重新命名環境?Can I rename an environment?

是的,可以從 PowerApps 系統管理中心使用這項功能。Yes, this functionality is available from the PowerApps admin center. 如需詳細資訊,請參閱環境管理See Environments Administration for more details.

是否可以刪除環境?Can I delete an environment?

是的,可以從 PowerApps 系統管理中心使用這項功能。Yes, this functionality is available from the PowerApps admin center. 如需詳細資訊,請參閱環境管理See Environments Administration for more details.

身為環境管理員,我是否可以檢視和管理環境的所有資料 (應用程式、流程、API 等等)?As an Environment Admin, can I view and manage all resources (apps, flows, APIs, etc.) for an environment?

是的,您可以從 PowerApps 系統管理中心檢視環境的應用程式和流程。Yes, the ability to view the apps and flows for an environment is available from the PowerApps admin center. 請參閱檢視應用程式以獲得詳細資訊。See View Apps for more details.

哪些授權包含常見的資料服務 Common Data Service?Which license includes Common Data Service?

PowerApps 方案 2。PowerApps Plan 2. 請參閱 PowerApps 定價頁面,了解含此授權之所有方案的詳細資料。See PowerApps pricing page for details on all the plans that include this license.

是否可以在環境之外使用 Common Data Service?Can the Common Data Service be used outside of an environment?

不會。No. Common Data Service 必須在環境中使用。Common Data Service requires an environment.