This article is for Microsoft 365 (M365) and Microsoft Dynamics 365 (D365) professionals of all levels, from beginner to expert. Readers should be familiar with the concepts discussed in this article. If not, Microsoft Learn is a great place to start.
In this article, you will learn about:
- Microsoft Power Platform
- Microsoft Dataverse
- Dataverse security roles
Introduction to Microsoft Power Platform and Dataverse
Microsoft Power Platform is a collection of low-code development tools that allow users to build custom business applications, automate workflows, and analyze data. Additionally, it integrates with D365, Microsoft Azure, Microsoft Teams, GitHub, and other Microsoft and third-party applications.
Microsoft Power Platform enables users to streamline processes, gain insights from their data, and build custom solutions to meet their business needs. It is designed to be accessible to users with varying levels of technical expertise, which makes it easier for organizations to create custom applications and automate workflows.
Microsoft Dataverse allows you to securely store and manage data used by business applications. Data within Dataverse is stored in a set of tables. A table consists of rows (formerly referred to as records) and columns (formerly referred to as fields or attributes).
Each column in a table is designed to store a specific type of data, such as name, age, or salary. Dataverse includes a base set of standard tables that cover common scenarios, but you can also create custom tables tailored to your organization’s needs. App makers can then use Power Apps, whether Model-driven apps, Canvas apps, or Power Pages, to build rich applications that leverage this data.
Figure 1 – Power Platform architecture
When to Use Dataverse
Standard and custom tables within Dataverse provide a secure, cloud-based storage solution for your data. Tables allow you to define your organization's data structure for use within apps. They are an ideal choice for the following reasons:
- Easy to manage – Both the metadata and data are stored in the cloud. You don't need to worry about the details of how they're stored.
- Easy to secure – Data is securely stored, and users can only access it if granted permission. Role-based security allows you to control table access for different users within your organization.
- Access your D365 data – Data from your D365 applications is also stored in Dataverse, enabling you to quickly build apps that leverage this data and extend functionality using Power Apps (both Model-driven and Canvas apps).
- Rich metadata – Data types and relationships are directly integrated into Power Apps.
- Logic and validation – Define calculated columns, business rules, workflows, and business process flows to ensure data quality and drive business processes.
- Productivity tools – Tables are available within the add-ins for Microsoft Excel to increase productivity and ensure data accessibility.
It is recommended that you use the existing standard tables (formerly "Entities") in Dataverse and customize them (add more columns, configure settings, etc.). Some standard tables are as follows:
- "Customer" Tables – Account, Contact, Customer Address, etc.
- "Activity" Table – An activity is like a calendar event with start time, end time, due date, and duration.
- "Annotation" (Notes) Table – This table can also be used to store attachments.
- "User" Table – This table holds your internal employees and is used to assign ownership of records.
5 Predefined Security Roles
Dataverse includes several predefined security roles that help manage user access and permissions. Here are five essential roles to start with:
- Environment Admin – This role has full administrative permissions. Users with this role can manage all security roles within the environment, including Environment Admin and Environment Maker. They can also provision the Dataverse environment database and access all data and tables, whether standard or custom.
- Environment Maker – Users with this role can create new resources, such as apps, flows, pages, custom connections, and custom APIs. However, they do not have permission to view data or tables within the environment.
- System Administrator – This is a powerful role with full control over administration and customization. System Administrators can create, modify, and assign security roles. They also have unrestricted access to all data and tables in the environment.
- System Customizer – Users in this role have full customization rights but limited data access. They can modify all tables, both standard and custom. However, they can only view records they create within the Account, Contact, and Activity tables.
- Basic User – This is the most restricted role. Basic Users can run apps that have been shared with them, but they can only view standard tables.
Tip:
A full list of predefined security roles can be found at https://learn.microsoft.com/en-us/power-platform/admin/database-security.
Note:
"System Administrator" has full permission to customize or administer the environment, including creating, modifying, and assigning security roles. This security role can view all data (tables) in the environment.
Ideally, you should create a custom security role using System Customizer as a template. When doing so, remove specific privileges that would allow users assigned to this role to patch related tables in a Power Apps Canvas App front end.
Security roles can be applied at the following scopes:
- Organization – Grants access to all users within the environment.
- Business Unit – Applies to users within a specific top-level business unit, which can also serve as a parent to other business units.
- Parent: Child Business Unit – Extends access to both a parent business unit and its child business units.
- User – Assigns permissions to an individual user based on their license and role within the environment.
Conclusion
In summary, Dataverse relies on role-based security to manage access and permissions effectively. Security roles can be assigned directly to users or applied to teams and business units. By grouping users under a team, organizations can streamline access control so that everyone within the team benefits from the assigned role. This structured approach helps maintain security while allowing flexibility in managing user permissions.
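The following added example (not from the original article or from Microsoft) shows why team-based assignment needs review: it merges direct and team-inherited roles per user and reports anyone who ends up with a role the article describes as having access to all data. The input shape, user names, team names, and approved list are constructed for illustration and are not a Dataverse API format.

```python
from collections import defaultdict

# Roles the article describes as able to access all data and tables.
FULL_DATA_ROLES = {"Environment Admin", "System Administrator"}

# Constructed sample data (hypothetical export shape, not a Dataverse API response).
DIRECT_ROLES = {
    "alice@contoso.example": ["System Administrator"],
    "bob@contoso.example": ["Basic User"],
    "carol@contoso.example": ["Environment Maker"],
    "dave@contoso.example": ["Basic User", "System Customizer"],
}
TEAMS = {
    "Support": {"members": ["bob@contoso.example", "dave@contoso.example"],
                "roles": ["Basic User"]},
    "Platform Ops": {"members": ["carol@contoso.example", "alice@contoso.example"],
                     "roles": ["System Administrator"]},
}


def effective_roles(direct, teams):
    """Map user -> {role: sorted sources}; a source is 'direct' or 'team:<name>'."""
    grants = defaultdict(lambda: defaultdict(set))
    for user, roles in direct.items():
        for role in roles:
            grants[user][role].add("direct")
    # Every team member inherits every role assigned to the team.
    for team, info in teams.items():
        for user in info["members"]:
            for role in info["roles"]:
                grants[user][role].add(f"team:{team}")
    return {u: {r: sorted(s) for r, s in roles.items()} for u, roles in grants.items()}


def full_data_access_findings(direct, teams, approved):
    """Return sorted (user, role, sources) for full-data roles held by unapproved users."""
    findings = []
    for user, roles in effective_roles(direct, teams).items():
        for role, sources in roles.items():
            if role in FULL_DATA_ROLES and user not in approved:
                findings.append((user, role, sources))
    return sorted(findings)


if __name__ == "__main__":
    approved = {"alice@contoso.example"}  # constructed list of approved administrators
    for user, role, sources in full_data_access_findings(DIRECT_ROLES, TEAMS, approved):
        print(f"{user}: {role} via {', '.join(sources)}")
```

Here carol holds only Environment Maker directly, yet membership in the "Platform Ops" team gives her System Administrator, which a review of direct assignments alone would miss.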