I am trying to assign security roles to all users in an environment. I do not want to do this on a 'Business Unit' level as that would mean every time we need to update the 'all users' permissions, we would need to do it for every Business Unit.
My plan was to create a dynamic Azure Active Directory group which holds all members in the tenant. I then create a new team of type 'AAD Security group' and assign that team the appropriate permissions. However, when I try to create it, I get the following error message
Unknown error. Please try again later.Error Details:The group whose AzureActiveDirectoryObjectId = xxxxxxx is not an AadGroup or OfficeGroup, the attribute GroupTypes are = DynamicMembership.
It looks like it is not possible to use an dynamic AAD Security Group.
Does anyone know how to get around this limitation or other approaches to assign security roles to all users in an environment?
The mapping of a "Dynamic User" security group is not supported for mapping to a Team in Dataverse as described in this article: (https://docs.microsoft.com/en-us/power-platform/admin/manage-group-teams#using-azure-active-director...)
You would need to add the users to an All Employees Security Group in Azure AD manually (or maybe through a flow?) to get them to map to a team in Dataverse.
Please accept if answers your question or Like if helps in any way.
Hey @dpoggemann ,
thanks for the reply. I was trying to avoid having to manually add and remove users to this group.
Do you know of another method to get access to all D365/Dataverse users in an environment?
Thanks - Lukas
hi @lkaspar ,
No I do not. The Security Group approach is the approach I have used primarily but yes, you need to manually add the users to the security group.
Don't miss the User Group Leader meetings on January, 24th & 25th, 2022.
Please join us on Wednesday, January 19th, at 8a PDT. Come and learn from our amazing speakers!
Check out the new Power Platform Community Connections gallery!