Solved: Dataverse for Teams security

MagnusGöransson · ‎12-08-2020

Hey!

I have been creating PowerApps using both SharePoint lists and CDS as a backend. Well, SQL also of course, in the past.

However, Dataverse for Teams looks really promising but I can't get figura out how security works in this new database.

Lets say I have a PP Environment for Teams, a couple of tables and a PowerApp created in Teams.

In SharePoint its easy to set permissions so that each user can create items, update them and delete them while they are unable to even read other peoples items.

How can that be achieved by using Dataverse for Teams?

Best Regards, Magnus Göransson

EricRegnier · ‎12-18-2020

I haven’t given it a try yet, but have a look at DLP for Teams: https://docs.microsoft.com/en-us/microsoftteams/teams-app-permission-policies maybe you can control access to the studio...

View solution in original post

EricRegnier · ‎12-10-2020

Hi @MagnusGöransson,

The quick answer is security roles and privileges for Dataverse for Teams are not configurable like in standard Dataverse. The roles and related privileges are automatically set and assigned based on the O365 group / Teams group members. To edit those (add/remove users) you'll have to update directly in O365 and will reflect in Teams.

See the role assignment section to determine which role is assigned to users based on their user type and membership in O365.

More info: https://docs.microsoft.com/en-us/power-platform/admin/about-teams-environment#conceptual-model

Hope this helps...

MagnusGöransson · ‎12-18-2020

Hey Eric, sorry for late response here.

This is really something that i hope would change in the future. The permissions model for a simple SharePoint list has actually alot functionality as I can control access even on a record level.

For applications other than a very simple list app Dataverse for Teams is basically useless as the simple apps can use SharePoint lists anyway. 😕

/Magnus

EricRegnier · ‎12-18-2020

Hi @MagnusGöransson, yes security is limited in Dataverse for Teams, which I hope Microsoft will eventually enhance, however it does have a lot of advantages as opposed to SharePoint list, main one is relational data model. Maybe standard Dataverse would be more applicable for you to get the whole suite?
Cheers

MagnusGöransson · ‎12-18-2020

Yes, and I am using full Dataverse a lot, but usually not for apps with a large user base because of licensing. I was hoping for Dataverse for Teams for the rest of the apps. Dataverse is much more robust compared to SP Lists, but SP Lists still adds important functionality when it comes to permissions.

I really hope at least some basic functionality will be added.

One option that would solve most of it would be functionality to lock down access to DVfT only from specified PowerApps or Flows. And also the ability to only allow edit access to apps to Team Owners.

As it is now, any member can open the Powerapps Studio in Teams and browse all tables in DV.

/Magnus