I am just learning about CDS and how it works. Specifically I am looking for if I can set permissions on an "item" level within the entity. I'd asked the question at Ignite and was told there is a way to do this, but as I start exploring, i'm not really finding it.
For example, if a user submits a request, then only the user, and a few other groups - dynamically determined based on other picklist fields, would have access to view this particular item. Otherwise it seems I have to use logic within the PowerApp itself to determine if a user should be able to see the items. Ideally if I could do it at the data level, this simplifies what I have to do at the PowerApp level.
I equivalate this to item level permissions of an list item in a SharePoint List.
I completely understand where you are coming from asking this question, but there is not really the same equivilant in CDS as there is in a SPList, item level permissions. But, you can achieve something quite similar using Security Roles and Business Units. This is actually configuring Dynamics 365 functionality, rather than pure CDS-A, but its possible.
This topic contains the best run down for what you need to understand. https://docs.microsoft.com/en-us/dynamics365/customer-engagement/admin/security-roles-privileges, this page has a non-microsoft written version of the same topic, which is generally easier to understand! https://crmbook.powerobjects.com/system-administration/business-administration/planning-security/ and https://crmbook.powerobjects.com/system-administration/business-administration/security-roles/
At a high level, you will have a custom security role that has Owner level permissions (a small peice of pie) on Create/Read/Write. This means that only the person who created the record can edit/read the record. If you need to have it more open than that (say a team or larger group), then you will change it to Business Unit (half a pie). If you want to change permissions based on different values that are stored/selected in the record itself, this becomes a lot harder and I'd not recommend doing it this way (it can be done but would likely require custom code or a maybe a complex Flow).
Have a read through those pages and see what you can work out. Don't try and mimic or compare the permissions of a SharePoint List and CDS-A/D365, they are fundamentally different.
Do you want to set a permission on an "item" level within a CDS Entity?
If you want to set a permission on an "item" level within a CDS Entity, I afraid that there is no way to achieve your needs in PowerApps currently.
I agree with @Kevin23's thought almost, the level permissions between SP list and CDS entity are fundamentally different.
If you want to assign proper permission to other users (in your Org) from CDS Entity, you must create a security role firstly (which has appropriate permission to access your CDS Entity), then assign the security role to other users. After that the other users would have permission to access your CDS Entity.
More details about managing entity permission, please check the following article:
Thanks for the links to the crmbook site @Kevin23. I wish I had found that before I slogged through the MS documentation and did a lot of experimenting to figure out how it works and how to design a usable model.
BTW, Its CDS for Apps, not CDS-A. CDS-A is the old name for CDS for Analytics, now called Power BI DataFlows.
Find your favorite faces from the community presenting at the Power Platform Community Conference!
See the latest Power Apps innovations, updates, and demos from the Microsoft Business Applications Launch Event.
ISV Studio is designed to become the go-to Power Platform destination for ISV’s to monitor & manage published applications.
Features releasing from October 2020 through March 2021