cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
halifaxious
Resolver II
Resolver II

business units and security roles

When I query the Security Roles table for the Basic User role (or any other standard role), I am surprised to receive multiple records. It appears that each Business Unit has a copy of the Basic User role (and all the other standard roles).

  • is this normal?
  • when I add the Basic User role to a Team, which copy should I use?
  • if I use the wrong copy of the Basic User role, how does it limit the Team's permissions?
1 ACCEPTED SOLUTION

Accepted Solutions
EricRegnier
Super User
Super User

Hi @halifaxious, so quickly answer your questions:

  1. yes it's normal/as designed
  2. You should role where the Team is in the business unit (BU). So if the Team is in the BU A, use the roles from BU A.
  3. You might grant more privileges than required and thus might hit privacy / security issues within your system

Here's a nice video summarizing security model in Dataverse: https://powerusers.microsoft.com/t5/Webinars-and-Video-Gallery/Security-in-Common-Data-Service-CDS/t...

Hope this helps!

View solution in original post

2 REPLIES 2
rampprakash
Power Participant
Power Participant

Hi @halifaxious,

 

Yes it's an Expected Behaviour. Please find the sample example below

 

Business Unit :

 

BU1

BU2

 

Security Role:

SR1

SR2

 

Each Security role will be associated with each Business unit

 

BU1 - SR1

BU2 - SR1

BU1 - SR2

BU2 - SR2

 

When we assign a Business Unit to a User with Security role the Respective Security Role will get set from Business Unit.

 

If you are assigning it to team also assign it to Parent BU Security Role so that system can take care based on the User Logged in with their Business Units.

 

Hope it helps you, Let me know if you have any more queries.

 

Please mark as Answer if it is helpful and provide Kudos


Subscribe : https://www.youtube.com/channel/UCnGNN3hdlKBOr6PXotskNLA
Blog : https://microsoftcrmtechie.blogspot.com

 

 

EricRegnier
Super User
Super User

Hi @halifaxious, so quickly answer your questions:

  1. yes it's normal/as designed
  2. You should role where the Team is in the business unit (BU). So if the Team is in the BU A, use the roles from BU A.
  3. You might grant more privileges than required and thus might hit privacy / security issues within your system

Here's a nice video summarizing security model in Dataverse: https://powerusers.microsoft.com/t5/Webinars-and-Video-Gallery/Security-in-Common-Data-Service-CDS/t...

Hope this helps!

View solution in original post

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Microsoft Ignite 768x460.png

Find your focus

Explore the latest tools,training sessions,technical expertise, networking and more.

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

Welcome Super Users.jpg

Super User Season 2

Congratulations, the new Super User Season 2 for 2021 has started!

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

Users online (2,123)