cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
kkarikar
Helper I
Helper I

Hide Dataverse tab in Power Platform/Avoid users from making edits directly in Dataverse DB

Hello everyone,

 

I researched for days and haven't found any documentation on this. I apologize if this is not the right forum to post this. If it isn't, please direct me to the right place.

With the new Dataverse update our team is concerned with having an easy access to edit data in all data tables in dataverse. 

 

kkarikar_0-1656519211915.png

 

Users can access apps shared with them via App tab and within the app we have security which changes during different stages of our application process.

Example: If a user has security role where they're able to create a record, write/edit a record in a table "Test". During an approval process that the record goes through, this user is not allowed to make changes to that record in "Test" table in the canvas app (we have used logic to disable some edit/save buttons). But, this user can go into the dataverse tab (highlighted in Screenshot 1), look for "Test" table, and edit that record (Screenshot 2) which we want to prevent. 

 

kkarikar_2-1656519312762.png

 

"Dataverse" tab can be easily opened by users, they can access the tables and edit data accidentally/intentionally. We want to avoid users from making changes directly into the Dataverse DB as this can alter the process flow in the application.

 

If hiding the Dataverse tab itself it not possible, I am very open to workarounds. I am not sure if it is possible to hide tables in dataverse from users. Or if there is any security role set up to accomplish this.

 

Thank you so much in advance!

1 ACCEPTED SOLUTION

Accepted Solutions
AhmedSalih
Solution Sage
Solution Sage

@kkarikar, I had a similar requirement and my users had Read/Write Access on Custom Tables. On that Custom Security Role, I made sure they don't have any Customization access: 

AhmedSalih_4-1656621589918.png

 

 

**Again, they don't have Create Access so I am not sure if that would make a difference.

Now, If they try to access the Dataverse, this what they see:

 

AhmedSalih_3-1656621542947.png

 

 

 

Regards,
Ahmed
If my reply helped you, please give a 👍. And if it has solved your issue, please consider Accept it as the Solution to help other members in the community find it more.

View solution in original post

7 REPLIES 7
rampprakash
Super User
Super User

Hi @kkarikar 

 

Am afraid it is not Possible.

 

Please mark as Answer if it is helpful and provide Kudos


Subscribe : https://www.youtube.com/channel/UCnGNN3hdlKBOr6PXotskNLA
Follow me on Twitter : @rampprakashd
Blog : https://microsoftcrmtechie.blogspot.com

Mira_Ghaly
Dual Super User II
Dual Super User II

@kkarikar 

What are th security roles assigned to these users?

I believe if they don't have environment maker or system customiser roles then they won't be able to access the maker portal.

 

If this post helps you with your problem, please mark your as Accepted solution.If you like my response, please give it a Thumbs Up.

Blog: here
kkarikar
Helper I
Helper I

Hi @Mira_Ghaly,

 

We have created a custom role with minimum privileges required to run a canvas app (every user has this role) and additional custom role for users with create/write privileges on custom tables (this is different person by person due to their roles in the system).

 

These are the custom tables we don't want them to edit from DB directly during a specific process stage in our canvas app. Other times, these users are allowed to make edits/create new records in custom tables they have access to but always only through canvas app and never directly from dataverse. 

 

Please let me know if you'd like more information.

Thank you so much for your response.

AhmedSalih
Solution Sage
Solution Sage

@kkarikar, I had a similar requirement and my users had Read/Write Access on Custom Tables. On that Custom Security Role, I made sure they don't have any Customization access: 

AhmedSalih_4-1656621589918.png

 

 

**Again, they don't have Create Access so I am not sure if that would make a difference.

Now, If they try to access the Dataverse, this what they see:

 

AhmedSalih_3-1656621542947.png

 

 

 

Regards,
Ahmed
If my reply helped you, please give a 👍. And if it has solved your issue, please consider Accept it as the Solution to help other members in the community find it more.

Mira_Ghaly
Dual Super User II
Dual Super User II

@AhmedSalih 

This looks correct to me but not sure what can be done in @kkarikar case where he need the create permission, so disabling customisation is definately correct but not sure what is the case if the create permissions are there, I will replicate in my environment and will let you know.

 

If this post helps you with your problem, please mark your as Accepted solution.If you like my response, please give it a Thumbs Up.

Blog: here

Thank you @AhmedSalih! I implemented the solution and it worked for me!! 🙂

@Mira_Ghaly , thank you for your help! 🙂

Helpful resources

Announcements
Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

Carousel_PP_768x460_Wave2 (1).png

2022 Release Wave 2 Plan

Power Platform release plan for the 2022 release wave 2 describes all new features releasing from October 2022 through March 2023.

365 EduCon 768x460.png

Microsoft 365 EduCon

Join us for two optional days of workshops and a 3-day conference, you can choose from over 130 sessions in multiple tracks and 25 workshops.

Users online (5,223)