Can Environment Maker access data from Dataverse?

(0) Share

Report

Posted on by Community Power Pla...

Hi,

I am a new Environment System Administrator and I need to decide proper Security Role for other team members.

Other team members need access that allow them to:

- Create Dataverse custom tables

- Create Dataverse views to validate user inputs are captured correctly in the back-end

- Develop the required applications using Dataverse custom tables

Q1: If I assign Environment Maker to other team members; do they have proper Security Roles to do their tasks?

This documentation mentions the following description for Environment with Dataverse:

Security Role: Environment Maker

Database privileges: Customizations

Description:

Can create new resources associated with an environment, including apps, connections, custom APIs, gateways, and flows using Microsoft Power Automate. However, this role doesn't have any privileges to access data within an environment. More information: Environments overview

Environment makers can also distribute the apps they build in an environment to other users in your organization. They can share the app with individual users, security groups, or all users in the organization.

Q2: What does this part mean "However, this role doesn't have any privileges to access data within an environment" ?

Q3: Can the persons with this role see data in Dataverse custom tables created by themselves or others?

Q4: Can people with this role create a new link to data lake using "Azure Synapse Link for Dataverse"?

Thank you for your helps!

Best,

Yuli

Categories:

Governance & administering

I have the same question (0)

All responses (2)

Answers (1)

Verified answer

Hamish Sheild 3,005 Most Valuable Professional on at

Like (1)

Report

Hi @Anonymous

With only the Environment Maker role, your team members will not have the ability to see or validate data. They can only customize the system. You will need to give them an additional security role that gives them privileges to see that data that you want them to review.

Q2: If you look at the definition of the Environment Maker you will see that it's access to Read data on most tables is blank.

Q3: They can see the table definitions i.e. columns, data types etc. but not the data within the tables. You would have to give them access to the data in the table through creating or updating another Security Role that they have.

Q4: I am not sure about a new link to Data Lake. I would assume not as they won't be able to see that data.

So it sounds like you need to give your Team Members the Environment Maker role to be able to customise the system (create and modify table definitions etc.) but you also need to give them another additional Security Role to give them access to data. This could be an existing security role or you could create a custom one.

If I was you I would think about how locked down you want to make this environment. By using the Environment Maker role for your Team members you will have some overhead in having to personally update their security roles to give them access to data each time they create a new table. I have never really seen the Environment Maker role used much for users who need to customise the system, typically customisers are given System Administrator access and the is a level of trust that they will do the their job properly and do the right thing. At the end of the day it comes down to the level of trust you have in your team and also the sensitivity of the data in Dataverse.

The other thing to think about is having different security roles in different environments. For example, system admin in the Dev environment but more restrictive roles for the Production environment.

Was this reply helpful? Yes No
Community Power Pla... on at

Like (0)

Report

Thank you @HSheild . I agree with you about granting System Admin for my team especially for DEV and QUT environments. I will need to discuss with my leader for the PROD environment 👍

Was this reply helpful? Yes No