Reply
Level: Power Up
Posts: 1
Registered: ‎04-12-2017

Common Data Service Database Security

Hi,

 

I have created a database within my organisations default Environment.

 

I have selected Restrict Access and then have not added any Permission Sets to the Organization User.

 

All users still seem to be able to access the database and entities when in PowerApps.

 

I thought that by default no access rights were assigned?

 

Anyone help?

 

Cheers

 

Mark

Level 10
Posts: 581
Registered: ‎04-29-2016

Re: Common Data Service Database Security

Therein lies the dilemma: your users need create/update/read/delete permissions to your entities so that they can interact with the data, but in turn, users can download the entity and see all the data in Excel. If you revoke read access, they can't pull up any data.

 

It's a huge security flaw if you want to use CDS for sensitive or semi-sensitive data that you don't want all your users to download. I quit making my gradebook app because of this concern.

 

In December, I proposed an Idea expanding permissions to include limiting access to Excel or adding more specific read access. Please upvote the idea--it should the a top priority:

https://powerusers.microsoft.com/t5/PowerApps-Ideas/Expand-CDM-Permissions/idi-p/16475

 

http://www.8bitclassroom.com
@8bitclassroom
Highlighted
Level: Power Up
Posts: 1
Registered: ‎04-12-2017

Re: Common Data Service Database Security

Hi mr-dang,

 

I'm aware that for them to have access to specific entities through an app they will inherit access to the whole entity; agree that's not great.

 

However my issue is that I haven't given any users access to anything yet but they can still see all of the entities in Power Apps. How do I set it up so no one can see anything until I assign permission sets to user roles and add users to them?

 

Cheers

 

Mark