
Announcements
Hi Everyone,
We have a situation where we want the end users/app users be able to submit a request via power apps to data verse as the data source and not have any ability for that users to go to data verse table in the backend to make changes. I'm sure there should be a set up like contribute but not delete security role, can anyone please help me how do we do that?
And the second case the app might be having functionality where user needs to delete some requests from power app screen. Can this be achievable with the contribute but not delete security role as this role might not be helpful in deleting the requests.
Can anyone please help?
Thank you so much in advance!
Dataverse actually has a more robust security capability than Sharepoint does. It supports granular CRUD permissions when defining Security Roles and let’s you define field level (column security) roles. Ownership of records drives much of the security, in addition to business units. Here is the full read:
https://learn.microsoft.com/en-us/power-platform/admin/wp-security-cds#tablerecord-ownership
To answer your specific question, you would create a security role for your app, grant the user that role + basic user + app opener. In your custom security role, grant the user create rights on your request table. Limit it to ‘user level’ so they can only see what they create. That’s it - they’ll create but no ability to edit or view after creation. If you want them to view their requests after they create them, give them user level Read rights. If you want them to be able to Edit after creation, given the user level Update rights. Likely you don’t want to give them any Delete permissions.
If you want admins to be able to delete, simply copy the security role you created, rename it for admins, and assign appropriately.