web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / How to assign security...
Power Apps
Unanswered

How to assign security roles to Microsoft 365 Groups/Security Groups/Groups of users

(1) ShareShare
ReportReport
Posted on by Arioule 156

Hi, 

 

I would like to assign security role to a group of users ?

How can I do that ?

 

Thanks,

 

Arioule

Categories:
Microsoft Dataverse with Power Apps
I have the same question (0)
  • Verified answer
    SaiKrishnaGudluru Profile Picture
    SaiKrishnaGudluru 499 on at

    @Arioule you can implement this using TEAMS option in CDS.

    log in to make.powerapps.com -> select your environment -> click on "setting (gear symbol) -> advanced settings -> security -> Teams -> Click on New -> select owner type as "AAD Security Group" and provide GUID of the group and update required details. Save

    Once saved, on the ribbon go to "manage roles' and provide appropriate role

    https://cloudblogs.microsoft.com/dynamics365/it/2019/05/01/using-azure-active-directory-groups-to-manage-an-users-app-and-data-access/

  • Verified answer
    v-yutliu-msft Profile Picture
    v-yutliu-msft on at

    Hi @Arioule ,

    Do you want to assign security role to an azure ad group in one environment?

    You could set this in https://admin.powerplatform.microsoft.com

    1)for Microsoft 365 Groups

    Firstly, in azure admin center create a Microsoft 365 Group:https://portal.azure.com

    Then in power platform admin center, choose the environment that you want to set, choose teams.

    87.PNG

     

    Choose +new to create team.

    Team type choose AAD office group, copy the microsoft365 group object id in the azure ad object id part.

    871.PNG

     

    872.PNG

     

    2) for Security Groups

    Firstly, in azure admin center create a Security Group:https://portal.azure.com

    Then in power platform admin center, when you create team, choose security group.

    873.PNG

     3)for Groups of users

    You just need to choose owner in team type when creating team in power platform admin center.

    874.PNG

     

    You do not need to enter group object id in this situation. After you create team, you need to add user manually.

     

     

    To assign security group, choose the team that you create, choose security role in related part.

    875_LI.jpg

     

     

    You could assign the existing security role here.

     

     

     

    Best regards,

  • Arioule Profile Picture
    Arioule 156 on at

    Hi @v-yutliu-msft,

     

    Thanks a lot,

     

    Arioule

  • Arioule Profile Picture
    Arioule 156 on at

    Hi @krishnags ,

     

    Thanks a lot for your help

  • Arioule Profile Picture
    Arioule 156 on at

    Hi @v-yutliu-msft , @krishnags 

     

    I have one more question for you Guys.

     

    I have exactly done what you told me.

    Afterwards I added a new Member from the Microsoft 365 admin center to one of the Microsoft 365 Groups that I have previously imported in my CDS environment and then I have realised that the new member had not been added in the corresponding Team Group created from the power platform admin center. it did not sync members. 

     

    So, I was wondering why the Microsoft 365 Group and the CDS Team Group are not synchronised. Did I do something wrong ?

     

    Thanks,

     

    Arioule

     

     

     

     

  • SaiKrishnaGudluru Profile Picture
    SaiKrishnaGudluru 499 on at

    users from Azure gets updated or synched to CDS team's record only after they access the environment

  • mbkdev02 Profile Picture
    mbkdev02 2 on at

    I cannot get this to work!

    - Is this a "catch 22"?

     

    How can a user login to the environment, when the user does not yet have the necessary CDS Security Roles assigned to him, because he is not yet a member of the CDS Team that will grant him the security roles?

     

    As far as I can tell, a user needs the CDS Security Role 'Basic User' in order to login to an App that runs inside the environment. So, my configuration was to add the 'Basic User' role to the CDS Team, expecting that users added to the CDS Team would get the 'Basic User' role and then be able to login. But, I cannot get this to work.

     

    Whenever my user try to run the App he gets this error: 

    The user '<some GUID>' does not have sufficient access rights to perform this operation on entity with id <some other GUID> in instance with URL 'https://<myorg>.crm4.dynamics.com/' . Required access right 'ReadAccess' is missing.

     

    What is it that I'm doing wrong?

     

    Kind regards

    Michael

     

     

  • Pete Profile Picture
    Pete 2 on at

    I was testing the same first time now and was also wondering why the members of AAD Office Group are not visible in Team members and how those users could login the environment. But this seems to work like @krishnags mentioned that users are "synched" to Team when they login to environment first time. At least in my tests the user which is the member of the Office Group can see the environment (where Team is created with security role defined) in environment list even that their account is not yet visible in the Team members list. When selecting the environment e.g. in make.powerapps.com then immediately user account is visible in Team members list. So the user permission is active even that their account is not visible in the members list

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 717 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 329 Super User 2025 Season 2

#3
Power Platform 1919 Profile Picture

Power Platform 1919 268

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans