cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
rgupta
Frequent Visitor

Controlling access to an Entity

My Power Platform environment has CDS enabled. I have been scouring documentation on Dataverse but something fundamental is missing

I would like to create different Business Units, each with separate sets of tables. They should not be able to see each others tables or any underlying object (column, views, forms etc)

 

One of the business Unit is called CRS and I have created a custom role for it. The settings for Customization is shown in the 1st screenshot. I don't want this Business Unit to see the Accounts Table (see the 2nd screenshot) . But the 'None' Permission on Accounts (In Core Records) is only applied to data (or rows) in the Accounts table and not to the visibility of the table itself (see the 3rd screenshot) . How do I prevent the Accounts table to be seen by CRS?  and I assume the would the same apply to a Custom table I create.

rgupta_1-1613006261067.png

 

rgupta_0-1613006243226.png

rgupta_2-1613006481440.png

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
dpoggemann
Super User
Super User

Hi @rgupta ,

 

The existence of the table is not what is controlled by the business units / roles (per se).  The tables are created within the Environment and they will exist at the "Organization" level and down (business unit, etc.) within that environment. 

 

Overall you would be creating applications and these applications would expose only specific tables through forms / views / etc.  and only the tables that these users should have access to.  Note, they could still go into "Advanced Find" and see that tables exist that they do not have access to.

 

To really accomplish what you are talking about where the tables are completely different for the different sets of users I would have multiple environments in your tenant.  This way you will be able to create the tables / views / forms / etc. within that environment that make sense.  Really everything is independent in each environment except a user can have access to the multiple environments of course.


Hope this helps.

 

Thanks,


Drew

 

Hope this helps. Please accept if answers your question or Like if helps in any way.
Thanks,
Drew

View solution in original post

4 REPLIES 4
ChrisPiasecki
Super User
Super User

Hi @rgupta ,

 

Are the users in the business group only supposed to be users of the apps, and not actual customizers/app makers in the environment? If so, ensure the user does not have any other security roles such as Environment Maker or System Customizer assigned. 

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

dpoggemann
Super User
Super User

Hi @rgupta ,

 

The existence of the table is not what is controlled by the business units / roles (per se).  The tables are created within the Environment and they will exist at the "Organization" level and down (business unit, etc.) within that environment. 

 

Overall you would be creating applications and these applications would expose only specific tables through forms / views / etc.  and only the tables that these users should have access to.  Note, they could still go into "Advanced Find" and see that tables exist that they do not have access to.

 

To really accomplish what you are talking about where the tables are completely different for the different sets of users I would have multiple environments in your tenant.  This way you will be able to create the tables / views / forms / etc. within that environment that make sense.  Really everything is independent in each environment except a user can have access to the multiple environments of course.


Hope this helps.

 

Thanks,


Drew

 

Hope this helps. Please accept if answers your question or Like if helps in any way.
Thanks,
Drew
Fubar
Solution Sage
Solution Sage

Security roles are not for your System Admin type users, they are for your general users, people who need to configure and manage at the backend will see all tables in make.powerapps etc.  at the high level it is the App Maker etc

 

You create security roles for your users.  One role set the privileges to empty circle (no access), the other role give access.

 

If you have data in the same table and you do not want users from different business units to see it then you make sure that the records are owned by users in the correct Business Unit (or a Team), then set privileges in the Security Role(s) that are not full green as appropriate (full green is access everything irrespective of the business unit).

Business Units + Security Role Privileges can get very complex very quickly so it is difficult to give a succinct answer.   https://docs.microsoft.com/en-us/power-platform/admin/security-roles-privileges

The older documentation used to give a better explanation but couldn't find it quickly.

 

And of course you also need to setup a Business Unit structure as by default you just have the root 1 https://docs.microsoft.com/en-us/power-platform/admin/create-edit-business-units

rgupta
Frequent Visitor

Thank you everyone!. @ChrisPiasecki, The users I was referring to are System Customizers. The ones that create the tables and maintain data in them.  These individuals belong to different business units/teams, yet can see all the tables in the system and modify each others tables as well, for example by adding a new column. There doesn't seem to be a way to contain their modifications to tables created by their Team.  As per @dpoggemann the Tables within an environment cannot be hidden, only the data/records can be controlled through Role controls... so only way seems to be to create different environments.

Helpful resources

Announcements
October Events

Mark Your Calendars

So many events that are happening this month - don't miss out!

Ignite 2022

WHAT’S NEXT AT MICROSOFT IGNITE 2022

Explore the latest innovations, learn from product experts and partners, level up your skillset, and create connections from around the world.

Power Apps Africa Challenge 2022

Power Apps Africa Challenge

Your chance to join an engaging competition of Power Platform enthusiasts.

Users online (1,757)