Greetings, community. I have a scenario where I want to let users work on data in the Dataverse BUT I want to ensure that their only means of working on records is via a Power App + Power Automate flows. I want to be sure that people can't manually go in or create their own apps/flows to change data directly. Is there some way to achieve this with the Dataverse?
If this were a traditional DB, this might be achieved via a service principal/account, so users wouldn't have direct access and would have to use an application interface.
@arpost - users are only permitted to create flows in the default environment. They will not have permission to create or update flows in your environment unless they have the required security role (e.g. a non-admin role such as Environment Maker).
Further reading:
https://learn.microsoft.com/en-us/power-automate/desktop-flows/desktop-flows-security
Thank you for your reply, @Amik. That's good to know. So would a similar thing happen if User A attempted to create a Power Automate flow that interacted with the Dataverse table or a Power App? Basically, I want to be sure there isn't a hidden backdoor that a person could use to access the data.
@arpost -
If we're not talking about security in Dataverse for Teams (which is controlled by the Office 365 Group), Dataverse works under the principle of least privilege/deny by default. Only users who are granted either a Dynamics 365 Service Admin, Office 365 Power Platform Admin, System Admin or System Customizer role will have access to the underlying tables.
Users would not be able to directly access underlying data unless the correct security role has been granted. Let's suppose for example that User A has been granted a security role which grants access to the Canvas App, as well as permission to read, edit, and create items in the Dataverse table used by the Canvas App. However, User B (who has one of the Admin or Reader roles) copies the hyperlink to the Dataverse table and then shares that link with User A; this is what User A will see if they open that link:
Further reading: https://learn.microsoft.com/en-us/power-platform/admin/database-security