cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Medoomi
Resolver I
Resolver I

Permissions - without being an environment maker, how can a user access CDS data?

I'm trouble-shooting permissions. I have an environment in which some of the entities contain financial information I'd prefer to keep obfuscated/partially-hidden. If I deny the environment maker role to all other users of the environment, how would someone gain access to the raw data in the CDS entities? Obviously, they have permission to view/edit them (they have permission to use the app built upon them), but how "hidden" would i be from a user who is not familiar with CDS/environments etc.?

1 ACCEPTED SOLUTION

Accepted Solutions
HSheild
Super User
Super User

Hi @Medoomi,

If users still have access to the entity then they could use Advanced Find or create Personal views to expose the financial data.

Have you looked at Field Level Security? It allows you to secure certain fields on an entity.

https://docs.microsoft.com/en-us/power-platform/admin/field-level-security

View solution in original post

3 REPLIES 3
HSheild
Super User
Super User

Hi @Medoomi,

If users still have access to the entity then they could use Advanced Find or create Personal views to expose the financial data.

Have you looked at Field Level Security? It allows you to secure certain fields on an entity.

https://docs.microsoft.com/en-us/power-platform/admin/field-level-security

View solution in original post

Thx so much @HSheild, that looks exactly like what I was looking for.

Quick question: If I enabled field level security for a field, that would call an error response in a canvas app if I had code referencing that field wouldn't it? i.e. I would need to be careful about removing code for users who didn't have view permissions on those fields, right?

Another quick question: If I used the default environment, given that new users are automatically given the role of environment maker, will field level security trump this role and still restrict their access?

Hi @Medoomi 

 


@Medoomi wrote:

 

Quick question: If I enabled field level security for a field, that would call an error response in a canvas app if I had code referencing that field wouldn't it? i.e. I would need to be careful about removing code for users who didn't have view permissions on those fields, right?


Good question, I'm not sure exactly what would happen in the Canvas if you referenced the secure field that the user cannot read.  There might not be an error in the Canvas App but the user definitely won't be able to see the data if they don't have permissions under the field security settings.  Test it out and let us know what you find 😀

 


@Medoomi wrote:

Another quick question: If I used the default environment, given that new users are automatically given the role of environment maker, will field level security trump this role and still restrict their access?


Field security is applied at the database level (Common Data Service). Environment Makers should still have their data access restricted by the field security.  Only the System Administrator security role overrides field security.  One thing that you might want to check is whether Environment Makers can edit Field Security profiles.  To be honest, if you have sensitive data that you want to protect then you should not use the Default Environment, create a new Production environment as you have more control over it.  The Default environment should be treated as a play pen.

Helpful resources

Announcements
PA_User Group Leader_768x460.jpg

Manage your user group events

Check out the News & Announcements to learn more.

Power Query PA Forum 768x460.png

Check it out!

Did you know that you can visit the Power Query Forum in Power BI and now Power Apps

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

R2 (Green) 768 x 460px.png

Microsoft Dynamics 365 & Power Platform User Professionals

DynamicsCon is a FREE, 4 half-day virtual learning experience for 11,000+ Microsoft Business Application users and professionals.

Users online (1,876)