Share a row

(0) Share

Report

Posted on by CU01120811-0

Hello everyone,

I need some help with a requirement in my model-driven app.

I have 3 tables: Risk, Plan, and KRI.

Relationships:

Risk (1-n) Plan
Risk (1-n) KRI

Scenario:

When an Admin creates a Risk record, the BU Head receives an email and can see the Risk record.

The BU Head can then assign that Risk to a BU User in the same Business Unit.

The BU Head can also create a Plan for that Risk and assign a Plan Owner (who may belong to another BU).

Both the BU User and the Plan Owner should be able to edit the Risk or Plan assigned to them.

My question is: how do I assign a specific user to a specific record?

I heard that we can use the Grant Access action in Power Automate, but I don’t know the exact flow.

Also, what permissions does the BU Head role need (CRUD, share, etc.)?

And what permissions does a BU User need so they can only see and edit the Risk records that are assigned to them?

I am also confused about the Business Unit structure.

In my app, I have:

Level 1: Org… (root BU) → Admin belongs here
Level 2: Group
Level 3: BU (actual business units)

All BU Heads and BU Users belong to the level-3 BUs.

But when I edit the BU Head role in the Admin Center, it is shown under the level-1 BU (Org…), and I set Read permission as “Business Unit” scope.

My question:

Will the BU Head only see Risk records in their own BU (level 3)?

Or will they see all records in the entire Org and I have to filter them in the Canvas App manually?

For example, I assigned a user as BU Head of the “Brand” BU — what exactly will they be able to see?

Categories:

Solution Explorer

I have the same question (0)

All responses (3)

Answers (1)

Verified answer

Michael E. Gernaey 52,857 Super User 2025 Season 2 on at

Like (0)

Report

Share a row

Hi @CU01120811-0

So let's look at Tables in General

1. They are either built in or Custom

2. Rows are ownable by Teams or Users.

To make it only visible (the rows) by the owner:

-go to the Table (in your solution, or in the default solution)

-Under advanced options you have to pick if its a Team or User that owns it, where if its a User, that is what you want (you said).

Now I realize this is at the table level, but it means for each row, not the table.

Ok now you have the Table setup, but there is also the need for Roles and then also you have to set the actual Table to have what level of access etc.

So my tables (short list)

I click Account ... and then in Table Properties click Properties.

Then click Advanced Options

Now you see here it says User OR Team, but in your case you only want users so you would want to change this on your custom tables.

That or you have to really setup some cool roles

now I have to go to the Admin

Now go to Security Roles

For whatever role you WANT to have access to that Table, and only that Table you need to find the ROLES you setup so lets pic basic user

And you can see Basic User Role, for Account, tells the system things are done at the user level

So this would force each row to be owned by a user, which is what you wanted.

If they only have BU scope, they will only see their own BU (records from people there), they will not see everything in the org no.

However, without seeing all the roles etc people have, its harder to tell you 100000% what is going to be visible and what is not.

So we need to make sure that the granular level of what you want ANY role to see, including BU Heads and Admins is defined in the roles, except in some cases its not something you can block. But in this case its just their BU.

If these suggestions help resolve your issue, Please consider Marking the answer as such and also maybe a like.

Thank you!
Sincerely, Michael Gernaey

1 people found this reply helpful.

Was this reply helpful? Yes No
Suggested answer

CU01120811-0 6 on at

Like (0)

Report
Share a row

I have the following scenario with three users:

User 1 – System Administrator, BU = Org (root)

User 2 – BU Head, BU = Brand (L3: Root → Brand & Marketing → Brand)

User 3 – BU User, BU = Brand

I have a Canvas App with text inputs and dropdowns. When User 1 clicks Save, a new record is created in Dataverse and a notification is sent to the BU Head (User 2).

At the moment, the owner of the record is still User 1.

My questions

Do I need to assign the record from User 1 to User 2, or can I keep User 1 as the owner and simply give the BU Head Read/Write access at the Business Unit level?

In other words, is it acceptable that User 1 remains the owner, but User 2 (BU Head) can still view and edit the record through BU-level permissions?

On the Canvas app, when User 2 opens the new record, they can see a dropdown listing all BU Users in their BU.

Should these users only need User-level Read and Write permissions for the table?

And should the actual granting of access be done using Power Automate (because Canvas App cannot run Dataverse “Assign” or “Share” operations directly)?

Once shared, User 3 should see that record in their own Risk List screen.

The BU Head can select one or many Users and press a Share button.

What is the correct way to make sure only the selected users (e.g., User 3) can view and edit that specific record?

Could you confirm the best practice for:

- Whether ownership needs to be reassigned

- What exact permission scope BU Users need

- And whether Power Automate is required to perform the Share/Grant access action

Thank you!

Was this reply helpful? Yes No
CU01120811-0 6 on at

Like (0)

Report
Share a row

HI @Michael E. Gernaey,
I have the following scenario with three users:

User 1 – System Administrator, BU = Org (root)

User 2 – BU Head, BU = Brand (L3: Root → Brand & Marketing → Brand)

User 3 – BU User, BU = Brand

I have a Canvas App with text inputs and dropdowns. When User 1 clicks Save, a new record is created in Dataverse and a notification is sent to the BU Head (User 2).

At the moment, the owner of the record is still User 1.

My questions

Do I need to assign the record from User 1 to User 2, or can I keep User 1 as the owner and simply give the BU Head Read/Write access at the Business Unit level?

In other words, is it acceptable that User 1 remains the owner, but User 2 (BU Head) can still view and edit the record through BU-level permissions?

On the Canvas app, when User 2 opens the new record, they can see a dropdown listing all BU Users in their BU.

Should these users only need User-level Read and Write permissions for the table?

And should the actual granting of access be done using Power Automate (because Canvas App cannot run Dataverse “Assign” or “Share” operations directly)?

Once shared, User 3 should see that record in their own Risk List screen.

The BU Head can select one or many Users and press a Share button.

What is the correct way to make sure only the selected users (e.g., User 3) can view and edit that specific record?

Could you confirm the best practice for:

- Whether ownership needs to be reassigned

- What exact permission scope BU Users need

- And whether Power Automate is required to perform the Share/Grant access action

Thank you!

PS: All my table is currently is User or Team Owned, Admin is System Adminitraror, Bu Head have permission on table Risk as Read, write, share (all BU level), Bu User have permission on table Risk as Read and Write (User level). Is it correct?

Was this reply helpful? Yes No