cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
halifaxious
Resolver II
Resolver II

business units and security roles

When I query the Security Roles table for the Basic User role (or any other standard role), I am surprised to receive multiple records. It appears that each Business Unit has a copy of the Basic User role (and all the other standard roles).

  • is this normal?
  • when I add the Basic User role to a Team, which copy should I use?
  • if I use the wrong copy of the Basic User role, how does it limit the Team's permissions?
1 ACCEPTED SOLUTION

Accepted Solutions
EricRegnier
Super User
Super User

Hi @halifaxious, so quickly answer your questions:

  1. yes it's normal/as designed
  2. You should role where the Team is in the business unit (BU). So if the Team is in the BU A, use the roles from BU A.
  3. You might grant more privileges than required and thus might hit privacy / security issues within your system

Here's a nice video summarizing security model in Dataverse: https://powerusers.microsoft.com/t5/Webinars-and-Video-Gallery/Security-in-Common-Data-Service-CDS/t...

Hope this helps!

View solution in original post

2 REPLIES 2
rampprakash
Memorable Member
Memorable Member

Hi @halifaxious,

 

Yes it's an Expected Behaviour. Please find the sample example below

 

Business Unit :

 

BU1

BU2

 

Security Role:

SR1

SR2

 

Each Security role will be associated with each Business unit

 

BU1 - SR1

BU2 - SR1

BU1 - SR2

BU2 - SR2

 

When we assign a Business Unit to a User with Security role the Respective Security Role will get set from Business Unit.

 

If you are assigning it to team also assign it to Parent BU Security Role so that system can take care based on the User Logged in with their Business Units.

 

Hope it helps you, Let me know if you have any more queries.

 

Please mark as Answer if it is helpful and provide Kudos


Subscribe : https://www.youtube.com/channel/UCnGNN3hdlKBOr6PXotskNLA
Blog : https://microsoftcrmtechie.blogspot.com

 

 

EricRegnier
Super User
Super User

Hi @halifaxious, so quickly answer your questions:

  1. yes it's normal/as designed
  2. You should role where the Team is in the business unit (BU). So if the Team is in the BU A, use the roles from BU A.
  3. You might grant more privileges than required and thus might hit privacy / security issues within your system

Here's a nice video summarizing security model in Dataverse: https://powerusers.microsoft.com/t5/Webinars-and-Video-Gallery/Security-in-Common-Data-Service-CDS/t...

Hope this helps!

View solution in original post

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Users online (1,862)