cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Medoomi
Helper V
Helper V

Permissions - without being an environment maker, how can a user access CDS data?

I'm trouble-shooting permissions. I have an environment in which some of the entities contain financial information I'd prefer to keep obfuscated/partially-hidden. If I deny the environment maker role to all other users of the environment, how would someone gain access to the raw data in the CDS entities? Obviously, they have permission to view/edit them (they have permission to use the app built upon them), but how "hidden" would i be from a user who is not familiar with CDS/environments etc.?

1 ACCEPTED SOLUTION

Accepted Solutions
HSheild
Super User
Super User

Hi @Medoomi,

If users still have access to the entity then they could use Advanced Find or create Personal views to expose the financial data.

Have you looked at Field Level Security? It allows you to secure certain fields on an entity.

https://docs.microsoft.com/en-us/power-platform/admin/field-level-security

View solution in original post

3 REPLIES 3
HSheild
Super User
Super User

Hi @Medoomi,

If users still have access to the entity then they could use Advanced Find or create Personal views to expose the financial data.

Have you looked at Field Level Security? It allows you to secure certain fields on an entity.

https://docs.microsoft.com/en-us/power-platform/admin/field-level-security

Thx so much @HSheild, that looks exactly like what I was looking for.

Quick question: If I enabled field level security for a field, that would call an error response in a canvas app if I had code referencing that field wouldn't it? i.e. I would need to be careful about removing code for users who didn't have view permissions on those fields, right?

Another quick question: If I used the default environment, given that new users are automatically given the role of environment maker, will field level security trump this role and still restrict their access?

Hi @Medoomi 

 


@Medoomi wrote:

 

Quick question: If I enabled field level security for a field, that would call an error response in a canvas app if I had code referencing that field wouldn't it? i.e. I would need to be careful about removing code for users who didn't have view permissions on those fields, right?


Good question, I'm not sure exactly what would happen in the Canvas if you referenced the secure field that the user cannot read.  There might not be an error in the Canvas App but the user definitely won't be able to see the data if they don't have permissions under the field security settings.  Test it out and let us know what you find 😀

 


@Medoomi wrote:

Another quick question: If I used the default environment, given that new users are automatically given the role of environment maker, will field level security trump this role and still restrict their access?


Field security is applied at the database level (Common Data Service). Environment Makers should still have their data access restricted by the field security.  Only the System Administrator security role overrides field security.  One thing that you might want to check is whether Environment Makers can edit Field Security profiles.  To be honest, if you have sensitive data that you want to protect then you should not use the Default Environment, create a new Production environment as you have more control over it.  The Default environment should be treated as a play pen.

Helpful resources

Announcements
Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

May UG Leader Call Carousel 768x460.png

June User Group Leader Call

Join us on June 28 for our monthly User Group leader call!

PA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

This training provides practical hands-on experience in creating Power Apps solutions in a full-day of instructor-led App creation workshop.

PA.JPG

New Release Planning Portal (Preview)

Check out our new release planning portal, an interactive way to plan and prepare for upcoming features in Power Platform.

Users online (906)