cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
halifaxious
Resolver II
Resolver II

business units and security roles

‎09-13-2021 08:35 AM

When I query the Security Roles table for the Basic User role (or any other standard role), I am surprised to receive multiple records. It appears that each Business Unit has a copy of the Basic User role (and all the other standard roles).

  • is this normal?
  • when I add the Basic User role to a Team, which copy should I use?
  • if I use the wrong copy of the Basic User role, how does it limit the Team's permissions?
Labels:
Message 1 of 3
507 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
EricRegnier
Super User
Super User

‎09-13-2021 02:28 PM

Hi @halifaxious, so quickly answer your questions:

  1. yes it's normal/as designed
  2. You should role where the Team is in the business unit (BU). So if the Team is in the BU A, use the roles from BU A.
  3. You might grant more privileges than required and thus might hit privacy / security issues within your system

Here's a nice video summarizing security model in Dataverse: https://powerusers.microsoft.com/t5/Webinars-and-Video-Gallery/Security-in-Common-Data-Service-CDS/t...

Hope this helps!

View solution in original post

Message 3 of 3
474 Views
0 Kudos
2 REPLIES 2
rampprakash
Super User
Super User

‎09-13-2021 10:25 AM

Hi @halifaxious,

 

Yes it's an Expected Behaviour. Please find the sample example below

 

Business Unit :

 

BU1

BU2

 

Security Role:

SR1

SR2

 

Each Security role will be associated with each Business unit

 

BU1 - SR1

BU2 - SR1

BU1 - SR2

BU2 - SR2

 

When we assign a Business Unit to a User with Security role the Respective Security Role will get set from Business Unit.

 

If you are assigning it to team also assign it to Parent BU Security Role so that system can take care based on the User Logged in with their Business Units.

 

Hope it helps you, Let me know if you have any more queries.

 

Please mark as Answer if it is helpful and provide Kudos


Subscribe : https://www.youtube.com/channel/UCnGNN3hdlKBOr6PXotskNLA
Blog : https://microsoftcrmtechie.blogspot.com

 

 

Message 2 of 3
480 Views
0 Kudos
EricRegnier
Super User
Super User

‎09-13-2021 02:28 PM

Hi @halifaxious, so quickly answer your questions:

  1. yes it's normal/as designed
  2. You should role where the Team is in the business unit (BU). So if the Team is in the BU A, use the roles from BU A.
  3. You might grant more privileges than required and thus might hit privacy / security issues within your system

Here's a nice video summarizing security model in Dataverse: https://powerusers.microsoft.com/t5/Webinars-and-Video-Gallery/Security-in-Common-Data-Service-CDS/t...

Hope this helps!

Message 3 of 3
475 Views
0 Kudos

Helpful resources

Announcements
Power Apps News & Annoucements carousel

Power Apps News & Announcements

Keep up to date with current events and community announcements in the Power Apps community.

Community Call Conversations

Introducing the Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Apps Community Blog Carousel

Power Apps Community Blog

Check out the latest Community Blog from the community!

View All
Users online (4,712)