web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / End User access contro...
Power Apps
Answered

End User access control options

(0) ShareShare
ReportReport
Posted on by Sheikx800 113

I feel like there may be answers to this question within other threads didn't find a great deal so I am asking for you geniuses to reach out and assist again!

 

The environment that I am creating has a 'dataverse' database and two PowerApps. There will be a 'manager' app for internal employees that is model-driven, and then a Canvas app for the end-users. End-users should only be able to access records for their accounts.

 

I am not sure where to start with the control of end-user access to data in the dataverse and would like some guidance/links for best practice. Ultimately, we only want to have end-users seeing their own data, but for them to access the data, my current understanding is that they need access to the database and would then have access to ALL the data in it and not just their own. 

 

The method that comes to mind as the 'easy' approach is to have the Canvas app do filtering based on the users login information... But my background tells me thats not the correct approach because you would essentially be 'hiding' the data, not preventing access. So someone who knows how to could gain access to the data in the dataverse because they, at the dataverse level, have access to the full table. It would only be the PowerApp filtering their access. So something tells me there is extra steps that need to be taken to ensure that anyone with malicious intent couldn't circumvent the 'forward facing' permissions of the Canvas app and simply grab all the data.

 

I hope this makes sense. I have no doubt that plenty have crossed this bridge before me but it has been difficult to find specific information relating to the use of dataverse as the storage location. Most of the guides/tutorials refer to people using sharepoint lists and spreadsheets which naturally have far simpler permissions. 

 

Thanks in advance.

 

Categories:
Governance & administering
I have the same question (0)
  • Verified answer
    joe_hannes_col Profile Picture
    joe_hannes_col 1,843 Super User 2024 Season 1 on at

    Hello @Sheikx800,

     

    You made a great design choice in going with Dataverse for your requirements.

    The only thing you will have to do is to correctly set up security. In Dataverse, you can make very granular decisions about who can create, update, read, and delete records - and if users can access only their own records, all other records or even records created by their business unit.

     

    Security in Dataverse works like this: you define Security Roles. For each Security Role, you can define if a person with this Role can access their own records, the organization's records, etc - for each entity (table). When you assign a Security Role to a user, Dataverse automatically displays only data the user should be able to access - no need to use custom filters etc.

    You can find more information here: https://docs.microsoft.com/en-us/power-platform/admin/wp-security-cds

     

    The easiest way to achieve your requirement would be to:

    1. Create a new security role for your users, or choose an existing one to update, e.g. "Basic User": https://docs.microsoft.com/en-us/power-platform/admin/database-security
    2. Create the correct privileges for the entity (table) you want to restrict access to. To do this, identify the entity (table) in the list of custom entities in the security role editor:
       

      security-role-privileges.png

      For this table, define the privileges. In your case, for users, this would be "User":
      security-role-privileges-key (1).png
    3. You can then assign the security role to your users: https://docs.microsoft.com/en-us/power-platform/admin/database-security#assign-security-roles-to-users-in-an-environment-that-has-a-dataverse-database

    You can then walk through the same process for the "Manager" role, but you would want to give them higher privileges, e.g. "Organization".

     

  • Hamish Sheild Profile Picture
    Hamish Sheild 3,005 Most Valuable Professional on at

    An additional note to @joe_hannes_col response is that you should create a new Security Role by copying an existing one e.g. Basic User.  Don’t create a new Security Role from scratch as you will most likely find yourself in a world of pain trying to get the permissions correct. There are some base permissions that just about every user needs for Dataverse to work for them. These are included in the existing  Base User security role.

  • Sheikx800 Profile Picture
    Sheikx800 113 on at

    @joe_hannes_col - Given your mention of choosing the Dataverse DB, I have to say - Planning for success with this project meant I needed a proper database that could scale. I was completely blown away with what the Microsoft CDS/Dataverse platform is capable of. I walked into this thinking I would need to develop an SQL database from scratch and then after a few clicks found myself literally months down the development track without any of the work... Systems Analysts must froth over this stuff!

     

    Thank you for all of that information and for narrowing down what I need to read up on!

     

    There seem to be a number of extremely granular (see: daunting) security settings within the 'Dynamics' admin area for the dataverse. It doesn't appear from what you linked me that I need to worry about this stuff which is good news. My use case is going to require record-specific restrictions for each user/group rather than simply restricting by table so I am suspecting I am going to have to do a fair bit of configuration to make this work, but its outlined as being possible so I will have to get reading and have a play. I may pop back here to ask more about this later. The forums have been extremely helpful!

    @HSheild - Thank you for the tip. I think I made an attempt to create one from scratch while playing around a while back and it did NOT go well!

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the April Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Vish WR Profile Picture

Vish WR 1,033

#2
Valantis Profile Picture

Valantis 632

#3
11manish Profile Picture

11manish 607

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans