cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
NaCarns
Helper I
Helper I

Restrict Entity Read/Creation/Deletion/Update in Model-driven App

Hello.

 

I've been scratching my head for days trying to figure this out, and unfortunately I'm not getting any closer.

 

1) Is there a way to restrict access of users in one Area of a MDA to another Area? I'm separating departments by Areas so I would like a user from Department (Area) 1 to not be able to access, create or read entities from Department (Area) 2. Is that possible at all? 

 

2) Can I set it up so that a user from one department (Area) can only read entities from another Area? 

 

3) When I create records/data in entities from one Area, it also shows in another Area. Is there a way to create records of the same entity in one Area that won't show in another?

 

Any help would be appreciated. Sorry if this is the wrong section to post this, please move this if necessary. 

1 ACCEPTED SOLUTION

Accepted Solutions
ChrisPiasecki
Most Valuable Professional
Most Valuable Professional

Hi @NaCarns,

 

1. Security roles will control what your users will be able to see. If the security role(s) you assign to Area 1 does not have any read/write/create/delete access to Tables from your Area B, then they won't see them in your model driven app or via any other way.

 

2. You can use Business Units to logically separate your areas. When configuring your security roles, you can set Read access at the Organization level scope, and create/write/delete/assign/etc. at the Business Unit level. This will allow them to only modify records owned by users in their business unit ("area"), but still be able to read all records in that table.

 

3. Same concept as #2, use of business units and security roles to scope permissions at the correct level. In this scenario you would also set read access to be at the business unit level so they don't see records from other business units ("areas").

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.
Chris

View solution in original post

4 REPLIES 4
ChrisPiasecki
Most Valuable Professional
Most Valuable Professional

Hi @NaCarns,

 

1. Security roles will control what your users will be able to see. If the security role(s) you assign to Area 1 does not have any read/write/create/delete access to Tables from your Area B, then they won't see them in your model driven app or via any other way.

 

2. You can use Business Units to logically separate your areas. When configuring your security roles, you can set Read access at the Organization level scope, and create/write/delete/assign/etc. at the Business Unit level. This will allow them to only modify records owned by users in their business unit ("area"), but still be able to read all records in that table.

 

3. Same concept as #2, use of business units and security roles to scope permissions at the correct level. In this scenario you would also set read access to be at the business unit level so they don't see records from other business units ("areas").

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.
Chris

Thank you for the answer. This cleared a lot of my doubts. There's one thing I'm not fully understanding. So I separate departments by Business Units, and users part of a BU will be assigned a security role with the relevant permissions. 

 

Thing is, I need to have my departments separated by Area (the bottom left option in a model-driven app). If a user is in the Area called Department A for example, and he's part of a BU called Department A with his own security roles, how would the Area be "linked" with the BU? How would it be known that this user, if he clicks on the Area called Department B,  can't modify the entities there for example? Note that many departments will share the same entities. Is there a way I can link the Areas with the BUs? So I kind of want 'Area-level security'. I'm sorry but that's the best way I can explain this with the level I am at now.

 

If it's confusing, I'll try and explain it better. Thank you.

ChrisPiasecki
Most Valuable Professional
Most Valuable Professional

Hi @NaCarns,

 

The navigation you refer to just controls what tables/dashboards/custom pages they navigate to. They aren't specific to business units or other filters. The records they see in views will be automatically filtered based on security (read), plus any filters you apply to a specific view. If they opened a particular record, it would be locked if they don't have write privileges. Or if they are in the view and they highlight a specific row, then the Edit button at the top command bar would not be available either.

 

If your "areas" share only some common tables but fundamentally do their work differently and have many other custom tables that only they need to use, then I would suggest creating separate Model-Driven Apps that are focused for a very specific use, rather than one common monolithic app.

 

You can create views, forms, dashboards for your tables tailored for your business areas, then you can choose which views/forms/dashboards you want to include in each app.

 

Hope this helps..

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.
Chris

We did suggest to separate the application but one of the requirements of the clients, was a 'landing page' for each of their departments in the application. We assumed that they meant they require an app where different departments can navigate to their section through an options menu like the Areas. I can summarize their requirements if you want: 

 

Spoiler
They want an interactive performance management dashboard that provides comprehensive visual representation of an organization's KPIs, metrics, etc to senior stakeholders. Dashboard will include a repository section that allows any user to access and view resources, internal documents, etc.

Their requirements for the data entry portal (the application we were discussing) are as follows:
- develop online portal for data entry (not a website)
- user roles/groups should be defined for data input (manual input or Excel upload)
- portal should be accessible through their current D365 CRM system. Their departments should each should have a landing page on the portal
- KPI data captured by their existing CRM system should be linked and fed to the portal directly - capture and provide audit trails of all user activity

Power BI will be used for dashboards so they want to link Dynamics 365 with it.

If this is too tedious or demanding to help, it's fine. You've helped me enough. 

 

Many thanks. 

 

Helpful resources

Announcements

Tuesday Tip | How to Get Community Support

It's time for another Tuesday Tip, your weekly connection with the most insightful tips and tricks that empower both newcomers and veterans in the Power Platform Community! Every Tuesday, we bring you a curated selection of the finest advice, distilled from the resources and tools in the Community. Whether you’re a seasoned member or just getting started, Tuesday Tips are the perfect compass guiding you across the dynamic landscape of the Power Platform Community.       This Week: All About Community Support Whether you're a seasoned community veteran or just getting started, you may need a bit of help from time to time! If you need to share feedback with the Community Engagement team about the community or are looking for ways we can assist you with user groups, events, or something else, Community Support is the place to start.   Community Support is part of every one of our communities, accessible to all our community members.   Within each community's Community Support page, you'll find three distinct areas, each with a different focus to help you when you need support from us most. Power Apps: https://powerusers.microsoft.com/t5/Community-Support/ct-p/pa_community_support Power Automate: https://powerusers.microsoft.com/t5/Community-Support/ct-p/mpa_community_support Power Pages: https://powerusers.microsoft.com/t5/Community-Support/ct-p/mpp_community_support Copilot Studio: https://powerusers.microsoft.com/t5/Community-Support/ct-p/pva_community-support   Community Support Form If you need more assistance, you can reach out to the Community Team via the Community support form. Choose the type of support you require and fill in the form accordingly. We will respond to you promptly.    Thank you for being an active part of our community. Your contributions make a difference!   Best Regards, The Community Management Team

Community Roundup: A Look Back at Our Last 10 Tuesday Tips

As we continue to grow and learn together, it's important to reflect on the valuable insights we've shared. For today's #TuesdayTip, we're excited to take a moment to look back at the last 10 tips we've shared in case you missed any or want to revisit them. Thanks for your incredible support for this series--we're so glad it was able to help so many of you navigate your community experience!   Getting Started in the Community An overview of everything you need to know about navigating the community on one page!  Community Links: ○ Power Apps ○ Power Automate  ○ Power Pages  ○ Copilot Studio    Community Ranks and YOU Have you ever wondered how your fellow community members ascend the ranks within our community? We explain everything about ranks and how to achieve points so you can climb up in the rankings! Community Links: ○ Power Apps ○ Power Automate  ○ Power Pages  ○ Copilot Studio    Powering Up Your Community Profile Your Community User Profile is how the Community knows you--so it's essential that it works the way you need it to! From changing your username to updating contact information, this Knowledge Base Article is your best resource for powering up your profile. Community Links: ○ Power Apps ○ Power Automate  ○ Power Pages  ○ Copilot Studio    Community Blogs--A Great Place to Start There's so much you'll discover in the Community Blogs, and we hope you'll check them out today!  Community Links: ○ Power Apps ○ Power Automate  ○ Power Pages  ○ Copilot Studio    Unlocking Community Achievements and Earning Badges Across the Communities, you'll see badges on users profile that recognize and reward their engagement and contributions. Check out some details on Community badges--and find out more in the detailed link at the end of the article! Community Links: ○ Power Apps  ○ Power Automate  ○ Power Pages  ○ Copilot Studio    Blogging in the Community Interested in blogging? Everything you need to know on writing blogs in our four communities! Get started blogging across the Power Platform communities today! Community Links: ○ Power Apps  ○ Power Automate  ○ Power Pages  ○ Copilot Studio   Subscriptions & Notifications We don't want you to miss a thing in the community! Read all about how to subscribe to sections of our forums and how to setup your notifications! Community Links: ○ Power Apps  ○ Power Automate  ○ Power Pages  ○ Copilot Studio   Getting Started with Private Messages & Macros Do you want to enhance your communication in the Community and streamline your interactions? One of the best ways to do this is to ensure you are using Private Messaging--and the ever-handy macros that are available to you as a Community member! Community Links: ○ Power Apps  ○ Power Automate  ○ Power Pages  ○ Copilot Studio   Community User Groups Learn everything about being part of, starting, or leading a User Group in the Power Platform Community. Community Links: ○ Power Apps  ○ Power Automate  ○ Power Pages  ○ Copilot Studio   Update Your Community Profile Today! Keep your community profile up to date which is essential for staying connected and engaged with the community. Community Links: ○ Power Apps  ○ Power Automate  ○ Power Pages  ○ Copilot Studio   Thank you for being an integral part of our journey.   Here's to many more Tuesday Tips as we pave the way for a brighter, more connected future! As always, watch the News & Announcements for the next set of tips, coming soon!

Hear what's next for the Power Up Program

Hear from Principal Program Manager, Dimpi Gandhi, to discover the latest enhancements to the Microsoft #PowerUpProgram, including a new accelerated video-based curriculum crafted with the expertise of Microsoft MVPs, Rory Neary and Charlie Phipps-Bennett. If you’d like to hear what’s coming next, click the link below to sign up today! https://aka.ms/PowerUp  

Tuesday Tip: Community User Groups

It's time for another TUESDAY TIPS, your weekly connection with the most insightful tips and tricks that empower both newcomers and veterans in the Power Platform Community! Every Tuesday, we bring you a curated selection of the finest advice, distilled from the resources and tools in the Community. Whether you’re a seasoned member or just getting started, Tuesday Tips are the perfect compass guiding you across the dynamic landscape of the Power Platform Community.   As our community family expands each week, we revisit our essential tools, tips, and tricks to ensure you’re well-versed in the community’s pulse. Keep an eye on the News & Announcements for your weekly Tuesday Tips—you never know what you may learn!   Today's Tip: Community User Groups and YOU Being part of, starting, or leading a User Group can have many great benefits for our community members who want to learn, share, and connect with others who are interested in the Microsoft Power Platform and the low-code revolution.   When you are part of a User Group, you discover amazing connections, learn incredible things, and build your skills. Some User Groups work in the virtual space, but many meet in physical locations, meaning you have several options when it comes to building community with people who are learning and growing together!   Some of the benefits of our Community User Groups are: Network with like-minded peers and product experts, and get in front of potential employers and clients.Learn from industry experts and influencers and make your own solutions more successful.Access exclusive community space, resources, tools, and support from Microsoft.Collaborate on projects, share best practices, and empower each other. These are just a few of the reasons why our community members love their User Groups. Don't wait. Get involved with (or maybe even start) a User Group today--just follow the tips below to get started.For current or new User Group leaders, all the information you need is here: User Group Leader Get Started GuideOnce you've kicked off your User Group, find the resources you need:  Community User Group ExperienceHave questions about our Community User Groups? Let us know! We are here to help you!

Super User of the Month | Ahmed Salih

We're thrilled to announce that Ahmed Salih is our Super User of the Month for April 2024. Ahmed has been one of our most active Super Users this year--in fact, he kicked off the year in our Community with this great video reminder of why being a Super User has been so important to him!   Ahmed is the Senior Power Platform Architect at Saint Jude's Children's Research Hospital in Memphis. He's been a Super User for two seasons and is also a Microsoft MVP! He's celebrating his 3rd year being active in the Community--and he's received more than 500 kudos while authoring nearly 300 solutions. Ahmed's contributions to the Super User in Training program has been invaluable, with his most recent session with SUIT highlighting an incredible amount of best practices and tips that have helped him achieve his success.   Ahmed's infectious enthusiasm and boundless energy are a key reason why so many Community members appreciate how he brings his personality--and expertise--to every interaction. With all the solutions he provides, his willingness to help the Community learn more about Power Platform, and his sheer joy in life, we are pleased to celebrate Ahmed and all his contributions! You can find him in the Community and on LinkedIn. Congratulations, Ahmed--thank you for being a SUPER user!  

Tuesday Tip: Getting Started with Private Messages & Macros

Welcome to TUESDAY TIPS, your weekly connection with the most insightful tips and tricks that empower both newcomers and veterans in the Power Platform Community! Every Tuesday, we bring you a curated selection of the finest advice, distilled from the resources and tools in the Community. Whether you’re a seasoned member or just getting started, Tuesday Tips are the perfect compass guiding you across the dynamic landscape of the Power Platform Community.   As our community family expands each week, we revisit our essential tools, tips, and tricks to ensure you’re well-versed in the community’s pulse. Keep an eye on the News & Announcements for your weekly Tuesday Tips—you never know what you may learn!   This Week's Tip: Private Messaging & Macros in Power Apps Community   Do you want to enhance your communication in the Community and streamline your interactions? One of the best ways to do this is to ensure you are using Private Messaging--and the ever-handy macros that are available to you as a Community member!   Our Knowledge Base article about private messaging and macros is the best place to find out more. Check it out today and discover some key tips and tricks when it comes to messages and macros:   Private Messaging: Learn how to enable private messages in your community profile and ensure you’re connected with other community membersMacros Explained: Discover the convenience of macros—prewritten text snippets that save time when posting in forums or sending private messagesCreating Macros: Follow simple steps to create your own macros for efficient communication within the Power Apps CommunityUsage Guide: Understand how to apply macros in posts and private messages, enhancing your interaction with the Community For detailed instructions and more information, visit the full page in your community today:Power Apps: Enabling Private Messaging & How to Use Macros (Power Apps)Power Automate: Enabling Private Messaging & How to Use Macros (Power Automate)  Copilot Studio: Enabling Private Messaging &How to Use Macros (Copilot Studio) Power Pages: Enabling Private Messaging & How to Use Macros (Power Pages)

Users online (3,317)