AlexW1
Regular Visitor

Model-Driven App Permissions

Hello,

I was hoping to get some advice on model-app permissions. I have a custom table for gym inductions and I use it to assign clients to personal trainers for an induction session. The table uses a lookup to search for clients in Contact and a lookup for personal trainers in User table. Personal trainers cannot assign clients to themselves and create records.

I would like to give the ability for personal trainers to sign in to the app and see a list of all the clients that have been assigned to them. I created a security role out of the Basic User and gave it Basic Read privileges for the Induction table. However, as a test, if I sign in as a personal trainer, I see nothing. If I bump up the permission level to Local, I can then see the assignments for myself and other personal trainers.

Could someone advise how to make sure a personal trainer only sees the clients that have been assigned to them and no one else?

Many thanks,

Alex

 

2 REPLIES
cchannon
Super User

As with all things Dataverse, there are about a dozen ways you can approach this problem, and the 'correct' one depends on what else you're doing with these records.

A few questions that would help us offer suggestions:

- Is it valid to have more than one Induction at a time? Or ever? What should happen if there is more than one?

- Are there users who should see all contacts, regardless of who the trainer is?

- Are there valid cases when a trainer needs to grant another trainer temporary or extended visibility to their contacts (e.g. if they are out sick)?

- Do the trainers have a hierarchy of some kind? As in managers that can see the Contacts associated with the trainers that report to them, but not the trainers of other managers.

 

Thank you very much for your response, @cchannon

I hope my answers to your helpful questions will make sense:

- Is it valid to have more than one Induction at a time? Or ever? What should happen if there is more than one?

Our personal trainers can be assigned as many clients as necessary and it is up to them to later get in touch with these clients and schedule the actual induction. From our standpoint, we just assign them clients and the scheduling of the actual induction happens via a Canvas app.

- Are there users who should see all contacts, regardless of who the trainer is?

Yes, we have users (e.g. me) who should be able to see all contacts, regardless of who the trainer is. It is just the trainer who is supposed to see only those clients who have been assigned to them by e.g. me.

- Are there valid cases when a trainer needs to grant another trainer temporary or extended visibility to their contacts (e.g. if they are out sick)?

The trainer should be able to reassign the client to another trainer if they are unable to do the induction. When the client is reassigned, the personal trainer should no longer have this client in their list.

- Do the trainers have a hierarchy of some kind? As in managers that can see the Contacts associated with the trainers that report to them, but not the trainers of other managers.

There is no hierarchy for personal trainers at the moment.

I hope I provided enough information for a possible recommendation. Thank you one more time for responding to my question.
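The visibility behaviour described in this thread (nothing at Basic, every trainer's assignments at Local), as an added example that is not part of any post above: a simplified Python model of how Dataverse checks Read privilege depth against a record's Owner column rather than against a custom lookup to User. The class and function names are hypothetical, and it assumes the induction records are owned by the person who created them and that everyone sits in one business unit; team ownership and the Parent: Child depth are left out.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Depth(IntEnum):      # Read privilege depth on a user-owned table
    NONE = 0
    BASIC = 1              # "User": records you own or that are shared with you
    LOCAL = 2              # "Business Unit": plus records owned in your business unit
    ORG = 3                # "Organization": every record

@dataclass(frozen=True)
class User:                # hypothetical stand-in for a Dataverse user
    name: str
    business_unit: str
    read: Depth

@dataclass
class Induction:           # hypothetical stand-in for the custom Induction table
    client: str
    trainer: str           # lookup to User: a plain reference, not used for access
    owner: User            # Owner column: what the depth check runs against
    shared_with: set = field(default_factory=set)

def can_read(user: User, rec: Induction) -> bool:
    if user.read is Depth.NONE:
        return False
    if user.read is Depth.ORG:
        return True
    if rec.owner.name == user.name or user.name in rec.shared_with:
        return True        # Basic depth is satisfied by ownership or sharing only
    return user.read is Depth.LOCAL and rec.owner.business_unit == user.business_unit

def visible(user: User, records: list) -> list:
    return sorted(r.client for r in records if can_read(user, r))

def assign(rec: Induction, new_owner: User) -> None:
    """Model of (re)assigning a record: ownership moves with the trainer."""
    rec.owner = new_owner
    rec.trainer = new_owner.name

# Constructed sample data: one business unit, an admin who creates every record.
alex = User("alex", "Gym", Depth.ORG)
tara = User("tara", "Gym", Depth.BASIC)
ben = User("ben", "Gym", Depth.BASIC)
records = [Induction("client-1", "tara", alex), Induction("client-2", "tara", alex),
           Induction("client-3", "ben", alex)]

if __name__ == "__main__":
    print("Basic, admin-owned:", visible(tara, records))
    print("Local, admin-owned:", visible(User("tara", "Gym", Depth.LOCAL), records))
    for r in records:
        assign(r, tara if r.trainer == "tara" else ben)
    print("Basic, trainer-owned:", visible(tara, records), visible(ben, records))
```

In this model, reassigning a record to another trainer also removes it from the first trainer's Basic-depth view, which matches the reassignment requirement given in the reply.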
