I feel like there may be answers to this question within other threads didn't find a great deal so I am asking for you geniuses to reach out and assist again!
The environment that I am creating has a 'dataverse' database and two PowerApps. There will be a 'manager' app for internal employees that is model-driven, and then a Canvas app for the end-users. End-users should only be able to access records for their accounts.
I am not sure where to start with the control of end-user access to data in the dataverse and would like some guidance/links for best practice. Ultimately, we only want to have end-users seeing their own data, but for them to access the data, my current understanding is that they need access to the database and would then have access to ALL the data in it and not just their own.
The method that comes to mind as the 'easy' approach is to have the Canvas app do filtering based on the users login information... But my background tells me thats not the correct approach because you would essentially be 'hiding' the data, not preventing access. So someone who knows how to could gain access to the data in the dataverse because they, at the dataverse level, have access to the full table. It would only be the PowerApp filtering their access. So something tells me there is extra steps that need to be taken to ensure that anyone with malicious intent couldn't circumvent the 'forward facing' permissions of the Canvas app and simply grab all the data.
I hope this makes sense. I have no doubt that plenty have crossed this bridge before me but it has been difficult to find specific information relating to the use of dataverse as the storage location. Most of the guides/tutorials refer to people using sharepoint lists and spreadsheets which naturally have far simpler permissions.
Thanks in advance.
Solved! Go to Solution.
Hello @Sheikx800,
You made a great design choice in going with Dataverse for your requirements.
The only thing you will have to do is to correctly set up security. In Dataverse, you can make very granular decisions about who can create, update, read, and delete records - and if users can access only their own records, all other records or even records created by their business unit.
Security in Dataverse works like this: you define Security Roles. For each Security Role, you can define if a person with this Role can access their own records, the organization's records, etc - for each entity (table). When you assign a Security Role to a user, Dataverse automatically displays only data the user should be able to access - no need to use custom filters etc.
You can find more information here: https://docs.microsoft.com/en-us/power-platform/admin/wp-security-cds
The easiest way to achieve your requirement would be to:
For this table, define the privileges. In your case, for users, this would be "User":
You can then walk through the same process for the "Manager" role, but you would want to give them higher privileges, e.g. "Organization".
Hello @Sheikx800,
You made a great design choice in going with Dataverse for your requirements.
The only thing you will have to do is to correctly set up security. In Dataverse, you can make very granular decisions about who can create, update, read, and delete records - and if users can access only their own records, all other records or even records created by their business unit.
Security in Dataverse works like this: you define Security Roles. For each Security Role, you can define if a person with this Role can access their own records, the organization's records, etc - for each entity (table). When you assign a Security Role to a user, Dataverse automatically displays only data the user should be able to access - no need to use custom filters etc.
You can find more information here: https://docs.microsoft.com/en-us/power-platform/admin/wp-security-cds
The easiest way to achieve your requirement would be to:
For this table, define the privileges. In your case, for users, this would be "User":
You can then walk through the same process for the "Manager" role, but you would want to give them higher privileges, e.g. "Organization".
An additional note to @joe_hannes_col response is that you should create a new Security Role by copying an existing one e.g. Basic User. Don’t create a new Security Role from scratch as you will most likely find yourself in a world of pain trying to get the permissions correct. There are some base permissions that just about every user needs for Dataverse to work for them. These are included in the existing Base User security role.
@joe_hannes_col - Given your mention of choosing the Dataverse DB, I have to say - Planning for success with this project meant I needed a proper database that could scale. I was completely blown away with what the Microsoft CDS/Dataverse platform is capable of. I walked into this thinking I would need to develop an SQL database from scratch and then after a few clicks found myself literally months down the development track without any of the work... Systems Analysts must froth over this stuff!
Thank you for all of that information and for narrowing down what I need to read up on!
There seem to be a number of extremely granular (see: daunting) security settings within the 'Dynamics' admin area for the dataverse. It doesn't appear from what you linked me that I need to worry about this stuff which is good news. My use case is going to require record-specific restrictions for each user/group rather than simply restricting by table so I am suspecting I am going to have to do a fair bit of configuration to make this work, but its outlined as being possible so I will have to get reading and have a play. I may pop back here to ask more about this later. The forums have been extremely helpful!
@HSheild - Thank you for the tip. I think I made an attempt to create one from scratch while playing around a while back and it did NOT go well!
Dear Community Members, We'd like to let you know of an upcoming change to the community platform: starting July 16th, the platform will transition to a READ ONLY mode until July 22nd. During this period, members will not be able to Kudo, Comment, or Reply to any posts. On July 22nd, please be on the lookout for a message sent to the email address registered on your community profile. This email is crucial as it will contain your unique code and link to register for the new platform encompassing all of the communities. What to Expect in the New Community: A more unified experience where all products, including Power Apps, Power Automate, Copilot Studio, and Power Pages, will be accessible from one community.Community Blogs that you can syndicate and link to for automatic updates. We appreciate your understanding and cooperation during this transition. Stay tuned for the exciting new features and a seamless community experience ahead!
We are excited to announce the Summer of Solutions Challenge! This challenge is kicking off on Monday, June 17th and will run for (4) weeks. The challenge is open to all Power Platform (Power Apps, Power Automate, Copilot Studio & Power Pages) community members. We invite you to participate in a quest to provide solutions in the Forums to as many questions as you can. Answers can be provided in all the communities. Entry Period: This Challenge will consist of four weekly Entry Periods as follows (each an “Entry Period”) - 12:00 a.m. PT on June 17, 2024 – 11:59 p.m. PT on June 23, 2024 - 12:00 a.m. PT on June 24, 2024 – 11:59 p.m. PT on June 30, 2024 - 12:00 a.m. PT on July 1, 2024 – 11:59 p.m. PT on July 7, 2024 - 12:00 a.m. PT on July 8, 2024 – 11:59 p.m. PT on July 14, 2024 Entries will be eligible for the Entry Period in which they are received and will not carryover to subsequent weekly entry periods. You must enter into each weekly Entry Period separately. How to Enter: We invite you to participate in a quest to provide "Accepted Solutions" to as many questions as you can. Answers can be provided in all the communities. Users must provide a solution which can be an “Accepted Solution” in the Forums in all of the communities and there are no limits to the number of “Accepted Solutions” that a member can provide for entries in this challenge, but each entry must be substantially unique and different. Winner Selection and Prizes: At the end of each week, we will list the top ten (10) Community users which will consist of: 5 Community Members & 5 Super Users and they will advance to the final drawing. We will post each week in the News & Announcements the top 10 Solution providers. At the end of the challenge, we will add all of the top 10 weekly names and enter them into a random drawing. Then we will randomly select ten (10) winners (5 Community Members & 5 Super Users) from among all eligible entrants received across all weekly Entry Periods to receive the prize listed below. If a winner declines, we will draw again at random for the next winner. A user will only be able to win once overall. If they are drawn multiple times, another user will be drawn at random. Individuals will be contacted before the announcement with the opportunity to claim or deny the prize. Once all of the winners have been notified, we will post in the News & Announcements of each community with the list of winners. Each winner will receive one (1) Pass to the Power Platform Conference in Las Vegas, Sep. 18-20, 2024 ($1800 value). NOTE: Prize is for conference attendance only and any other costs such as airfare, lodging, transportation, and food are the sole responsibility of the winner. Tickets are not transferable to any other party or to next year’s event. ** PLEASE SEE THE ATTACHED RULES for this CHALLENGE** Week 1 Results: Congratulations to the Week 1 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge. Community MembersNumber of SolutionsSuper UsersNumber of Solutions @anandm08 23 @WarrenBelz 31 @DBO_DV 10 @Amik 19 AmínAA 6 @mmbr1606 12 @rzuber 4 @happyume 7 @Giraldoj 3@ANB 6 (tie) @SpongYe 6 (tie) Week 2 Results: Congratulations to the Week 2 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge. Community MembersSolutionsSuper UsersSolutions @anandm08 10@WarrenBelz 25 @DBO_DV 6@mmbr1606 14 @AmínAA 4 @Amik 12 @royg 3 @ANB 10 @AllanDeCastro 2 @SunilPashikanti 5 @Michaelfp 2 @FLMike 5 @eduardo_izzo 2 Meekou 2 @rzuber 2 @Velegandla 2 @PowerPlatform-P 2 @Micaiah 2 Week 3 Results: Congratulations to the Week 3 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge. Week 3:Community MembersSolutionsSuper UsersSolutionsPower Apps anandm0861WarrenBelz86DBO_DV25Amik66Michaelfp13mmbr160647Giraldoj13FLMike31AmínAA13SpongYe27 Week 4 Results: Congratulations to the Week 4 qualifiers, you are being entered in the random drawing that will take place at the end of the challenge. Week 4:Community MembersSolutionsSuper UsersSolutionsPower Apps DBO-DV21WarranBelz26Giraldoj7mmbr160618Muzammmil_0695067Amik14samfawzi_acml6FLMike12tzuber6ANB8 SunilPashikanti8
On July 16, 2024, we published the 2024 release wave 2 plans for Microsoft Dynamics 365 and Microsoft Power Platform. These plans are a compilation of the new capabilities planned to be released between October 2024 to March 2025. This release introduces a wealth of new features designed to enhance customer understanding and improve overall user experience, showcasing our dedication to driving digital transformation for our customers and partners. The upcoming wave is centered around utilizing advanced AI and Microsoft Copilot technologies to enhance user productivity and streamline operations across diverse business applications. These enhancements include intelligent automation, AI-powered insights, and immersive user experiences that are designed to break down barriers between data, insights, and individuals. Watch a summary of the release highlights. Discover the latest features that empower organizations to operate more efficiently and adaptively. From AI-driven sales insights and customer service enhancements to predictive analytics in supply chain management and autonomous financial processes, the new capabilities enable businesses to proactively address challenges and capitalize on opportunities.
We're embarking on a journey to enhance your experience by transitioning to a new community platform. Our team has been diligently working to create a fresh community site, leveraging the very Dynamics 365 and Power Platform tools our community advocates for. We started this journey with transitioning Copilot Studio forums and blogs in June. The move marks the beginning of a new chapter, and we're eager for you to be a part of it. The rest of the Power Platform product sites will be moving over this summer. Stay tuned for more updates as we get closer to the launch. We can't wait to welcome you to our new community space, designed with you in mind. Let's connect, learn, and grow together. Here's to new beginnings and endless possibilities! If you have any questions, observations or concerns throughout this process please go to https://aka.ms/PPCommSupport. To stay up to date on the latest details of this migration and other important Community updates subscribe to our News and Announcements forums: Copilot Studio, Power Apps, Power Automate, Power Pages