Hey everyone.
I've been trying to determine if the following is a correct way of thinking or if perhaps I've been drawing the wrong conclusions based off of varying documentation I read. This has all been in an effort to establish a more formalized process in terms of deving/pushing PowerPlatform (primarily automate flows) into prod.
So essentially - We have a bunch of established tables/processes living in a prod environment now, we are looking to further enable some folks to continue exploring/developing on PowerPlatform. I know typically the personal dev / sandbox environment is what we want, but I guess the questions I'm having a hard time answering are as follows:
1) If a sandbox is dataverse enabled, does it have access to all tables in prod?
1a) If yes, is there a way to restrict changes to live data?
- Mostly as I imagine our initial steps to further enabling PowerPlatform use in the org will be the folks who interact heavily with D365 and add flows for different things within, but obviously we don't necessarily want testing/dev work to be done on live tables. However, wasn't sure the best approach in terms of replicating the prod env to really help ensure that implementing a new flow into prod wouldn't be overly problematic. Further, I wasn't sure if there were some implications here that I wasn't considering.
2) Would it be more appropriate to have sample data piped into the sandbox env in some way?
3) Assuming we at some point expand our usage of Dataverse/PowerPlat, is there an easy way to implement security controls surrounding the tables that might necessitate them? Strictly specific critical tables; I'm somewhat aware of business units/security roles; but was unsure about how these are segmented from a security perspective.
Ultimately, goal is to explore what constitutes a best practice given our situation; it's also been a little tricky as previously a lot of the work was done just in prod, but for obvious reasons we're looking toward establishing a more formal pipeline of sorts.