Showing results for 
Search instead for 
Did you mean: 
New Member

Multiple client data in CDS - control scope of data displayed based on user

Hello, this is my first post, apologies if this is covered elsewhere but I searched and couldn't find an answer........ I'm not even sure what I am looking for 🙂

I have the start of a model-driven app that is used collect information about applications/workloads at client ie application name, application owner, version, support agreement etc

I have managed to get a form together for the fields above and I have an account form from that entity that is used to add a vendor, in my test data this is Microsoft for exchange and for putty.

A this time it is a single organisation form, therefore, I also need to add a client , client A will have ~100 apps/wklds​ client B will have ~50 apps/wklds there will be some of the same apps in both but with unique data for each organisation eg: Exchange will be present in each org but have different owners per organisation.

My expectation is that I will be able to assign a license to someone from the client in the project team to the app and i want them to be able to CRUD only their data

I need to be able to work in scopes eg: i want to be able to search globally to find an answer if a new client doesn't have it, I also need to be able to search per client if I am looking for all web applications in a subnet for example

There is a lot of requirements there, thanks for reading 🙂

I am a network/server guy by trade so I will will need it explained simply but I really see the potential in the Power Platform, any guidance would be gratefully received.

Resident Rockstar
Resident Rockstar

There is a lot there, you aren't kidding. 🙂


On the CDS side, you will be able to control the User's access in a few ways.

  • They will need a PowerApps license to access ANY CDS environment/database
  • Each CDS environment can be controlled via an associated Security Group (enables/disables users)
  • THEN
    • CDS Security Role's come into play
    • A user must have a Security Role to access anything in CDS
    • This can set the granular level's of CRUD access
    • It also includes privilege depths, such as User-only, or Organization

This should allow you to control the CRUD operations against those CDS environments that the user has access to.

Some resources:

Thanks Gareth, I'll read through the links and update the thread 🙂

Ultimately, the key to making this work is managing the ownership of records in CDS. The users from the client should be in a security role that only has user-level access to the entities that they will access. You then have 2 sets of 2 options:

  1. If each client will only ever have one user, you could grant access to that user, but a more scalable option would be to create a team for each client, and add their users to that team
  2. Granting access can be done in one of 2 ways. You could assign the records to the relevant client user/team - this is simpler, but a record can only have one owner, so this is only viable if you don't use ownership for other purposes. The other option is to share the records with the relevant client user/team

You can automate this via workflow, but would probably need to link the client to a team. If you're using sharing, then you can use to share from a workflow

Helpful resources

Power Apps News & Annoucements carousel

Power Apps News & Announcements

Keep up to date with current events and community announcements in the Power Apps community.

Community Call Conversations

Introducing the Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Apps Community Blog Carousel

Power Apps Community Blog

Check out the latest Community Blog from the community!

Top Solution Authors
Top Kudoed Authors
Users online (1,738)