cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
michael-w
Frequent Visitor

A Design Flaw in Security Role: Create Privilege should only has two options instead of five

‎01-28-2021 05:04 AM

Create Privilege actually only has two options: can not create, allow to create.

But the interface give me five options: can not create, user,bu,parent-child bu,organization. The later four options behave same, so these four options should be merged into one option to avoid misleading. It really a big issue to understand this counter intuitive design! 

 

michael-w_0-1611838630282.png

 

Labels:
Message 1 of 6
283 Views
1 ACCEPTED SOLUTION

Accepted Solutions
HSheild
Super User
Super User

‎01-29-2021 08:26 AM

Hi @michael-w ,

 

All of the 5 options are valid for the Create Privilege and they do result in a difference in behaviour. For example, Create User means that the user can only create records where they are the owner. They cannot create records and set someone as the owner.  The other levels of Create dictate who a user can create a record on behalf of.

 

 

View solution in original post

Message 3 of 6
228 Views
0 Kudos
5 REPLIES 5
bilal684
Frequent Visitor

‎01-28-2021 05:51 AM

Hello Michael,

 

I believe you should read this article: https://docs.microsoft.com/en-us/power-platform/admin/security-roles-privileges and familiarize yourself with the different access levels.

 

If you want more details, I suggest you the following PDF document, created by Microsoft, explaining key security concepts (which did not change much these past years) around Dynamics CRM: https://download.microsoft.com/download/D/6/6/D66E61BA-3D18-49E8-B042-8434E64FAFCA/Scalable%20Securi... 

 

Hope that helps,

Message 2 of 6
259 Views
0 Kudos
HSheild
Super User
Super User

‎01-29-2021 08:26 AM

Hi @michael-w ,

 

All of the 5 options are valid for the Create Privilege and they do result in a difference in behaviour. For example, Create User means that the user can only create records where they are the owner. They cannot create records and set someone as the owner.  The other levels of Create dictate who a user can create a record on behalf of.

 

 

Message 3 of 6
229 Views
0 Kudos
EricRegnier
Super User
Super User

‎01-30-2021 12:26 PM

Hi @michael-w, this is as designed and will have different create behaviors depending on how complex your security model is in your system. To supplement on the other posts, here's another nice short video explaining some security aspects if you don't have the chance to go through the other links: https://powerusers.microsoft.com/t5/Webinars-and-Video-Gallery/Security-in-Common-Data-Service-CDS/t...

Hope this helps...

Message 4 of 6
218 Views
0 Kudos
michael-w
Frequent Visitor
In response to HSheild

‎02-07-2021 12:28 AM

Thanks, i have found these different behaviors: 

If prvCreate==Not Set, then I can not create a record.

If prvCreate==User, then I can create a record but can not change owner field.

If prvCreate==BU, then I can change owner field to a user who has same bu with me

If prvCreate==Parent-Child BU, then I can change owner field to a user who has a lower bu than me or same bu with me.

If prvCreate==Global, then I can change owner field to any user.

 

 

Message 5 of 6
201 Views
0 Kudos
Xander
Frequent Visitor

‎03-07-2021 11:55 PM

l am happy to you solved this qustions

Message 6 of 6
172 Views
0 Kudos

Helpful resources

Announcements
Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

May UG Leader Call Carousel 768x460.png

June User Group Leader Call

Join us on June 28 for our monthly User Group leader call!

PA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

This training provides practical hands-on experience in creating Power Apps solutions in a full-day of instructor-led App creation workshop.

PA.JPG

New Release Planning Portal (Preview)

Check out our new release planning portal, an interactive way to plan and prepare for upcoming features in Power Platform.

View All
Users online (2,474)