cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
D_AGL
Frequent Visitor

Help with understanding dataverse security access

Hi

I'm pretty new to the Power Apps / Power Platform scene.

I have two environments, A and B.

I have created an app in environment B which takes inputs and writes data back to Dataverse tables.

If I then share this app with a user who only has access to environment A, when they log in through the Power Apps phone application, can see and search the data in the app. Is this correct? Should they be able to see the data? How does the security work in this case?

 

Many thanks in advance

1 ACCEPTED SOLUTION

Accepted Solutions
dpoggemann
Super User
Super User

Hi @D_AGL ,

No they do not.  You need to share / assign specifically to each environment.  I would go look at the user in that environment and see the role assigned.  You can see the users under the admin.powerplatform.com and going into Settings to access the users.  You can then look at the user and the roles assigned.  Another situation could exist where you assign the user to a security group that is setup as a team in Dataverse with roles assigned.   I assume this is not the situation though but this is actually best practice (see:  https://docs.microsoft.com/en-us/power-platform/admin/database-security#create-or-configure-a-custom...

 

Thanks,


Drew 

Hope this helps. Please accept if answers your question or Like if helps in any way.
Thanks,
Drew

View solution in original post

6 REPLIES 6
dpoggemann
Super User
Super User

Hi @D_AGL ,

 

Can you clarify "see and search the data"?  The key item controlling access to the data in the Dataverse is the roles assigned to the user.  When you shared the application with the user you were asked to select a role to assign and this role controls the data access.

 

Please check out the following article that explains the role based security:  https://docs.microsoft.com/en-us/power-platform/admin/wp-security-cds 

 

Hope this helps.  Please accept if answers your question or Like if helps in any way.

 

Thanks,


Drew

Hope this helps. Please accept if answers your question or Like if helps in any way.
Thanks,
Drew
D_AGL
Frequent Visitor

Hi @dpoggemann 

 

There is a gallery as part of the app that displays items from the accounts table that the user can see and search through. The user, who cannot see the environment the app is built in, can see the data in the gallery when the app is shared with them.

So the security selected at the time of sharing would control that?

dpoggemann
Super User
Super User

hi @D_AGL ,

Yes, if the Gallery is pulling records from the Accounts table and you have the role for the user setup where they can view any Accounts, not just ones assigned to "them" then all the records queried in the gallery will display for the user.  If you setup the Account Entity in the Role so they can only view their own records (User level) for the role the user is assigned then they would only see the records where they are the owner.

 

Thanks much!

Drew

Hope this helps. Please accept if answers your question or Like if helps in any way.
Thanks,
Drew
D_AGL
Frequent Visitor

Hi @dpoggemann 

 

Thanks for the reply. That does make sense. Does that apply across environments? I think that's the bit I'm struggling to get my head around. The app and the user are in two different environments. Do privileges and security roles apply across environments?

dpoggemann
Super User
Super User

Hi @D_AGL ,

No they do not.  You need to share / assign specifically to each environment.  I would go look at the user in that environment and see the role assigned.  You can see the users under the admin.powerplatform.com and going into Settings to access the users.  You can then look at the user and the roles assigned.  Another situation could exist where you assign the user to a security group that is setup as a team in Dataverse with roles assigned.   I assume this is not the situation though but this is actually best practice (see:  https://docs.microsoft.com/en-us/power-platform/admin/database-security#create-or-configure-a-custom...

 

Thanks,


Drew 

Hope this helps. Please accept if answers your question or Like if helps in any way.
Thanks,
Drew

View solution in original post

D_AGL
Frequent Visitor

Hi @dpoggemann 

That is great, thanks for your help on this 😊

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Users online (3,188)