Model-driven apps must be associated with one or more security roles before they can be run by users.
In the classic interface, you added one or more security roles to your app after creating the app by clicking on Manage roles.
In the maker portal, the new method is to share the app with one or more security roles. This matches the model for distributing canvas apps. In either method, you are associating the app with one or more security roles.
Users will then be able to see and run an app if they have one of the same roles as the app.