web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Issue (bug?) with inhe...
Power Apps
Answered

Issue (bug?) with inherited team privileges Azure AD Group Dataverse

(0) ShareShare
ReportReport
Posted on by HFG 520

Hi all, 

 

I am trying to replace our current security set up and use Azure AD groups to provide access to a Model Driven App and data in Dataverse. I am seeing some very strange behaviour and need your help.

 

The current set up is as follows:

 

Root BU with two sub business units 

Security roles which give access to the data at BU unit level

Users are in one of the sub BUs and assigned a security role directly

 

This allows us to manage the access to the tables through the security role and access to the data through the BU. 

 

What we would like to do is use Azure AD groups to assign the security role so that we don't need to assign a role to each person individually. This is the current test model:

 

Root BU with two sub business units

Azure AD group(s) which are in the root BU and each have a role attached. The role has Direct User/Basic access level and Team privileges

User is in a sub BU and has no individual role attached to them

 

This is the strange behaviour I am seeing:

When user access is given to a table, the user sees only records that they own - correct
When organisation level is given the user sees all records - correct
However, when BU level is given, the user doesn't see anything! (Why would they lose access to their own records when a higher access level has been given?!)

When the security role with BU level access is assigned directly to the user, we see the desired effect: the user has access to the table, but only the records for their BU.

 

Can anyone shed any light on what is going on? It would be hugely appreciated!

 

 

 

Categories:
Microsoft Dataverse with Power Apps
I have the same question (0)
  • HFG Profile Picture
    HFG 520 on at

    A bit of further information: 

    When we assign records directly to the Azure AD Group Team, the users in the team are able to see them. 

  • Verified answer
    HFG Profile Picture
    HFG 520 on at

    OK I think I figured it out. I'm going to post my findings rather than just deleting the thread. 

    When the user has basic level given, the role acts like the user directly so they are able to see any records that belong to them directly. 

    When the user is given a higher level, the role looks at the team rather than the user. In this case, the team and user were in different divisions so when the division level access was given, the user only saw records that were owned by their team or anyone in the same division as the team. 

     

  • v-yujincui-msft Profile Picture
    v-yujincui-msft Microsoft Employee on at

    Hi @HFG ,

     

    Thanks for your sharing.

     

    Glad to see you solved the problem.
    You might consider marking your answer as a 'solution' so that it will be useful for others.

     

    Best Regards,
    Charlie Choi

  • Fubar Profile Picture
    Fubar 8,463 Super User 2026 Season 1 on at

    A Security Role assigned to a Team: the Privileges inherited are relative to the BU for that Team

    A Security Role assigned to a User : the Privileges are relative to the BU for that User

     

    Traditionally a User/Basic level privilege inherited from a Team is not the same as a User/Basic assigned directly against the User - but there is now an inheritance variation, based on the setting on the Security Role itself "Member's privilege inheritance" dropdown. 

    https://docs.microsoft.com/en-gb/power-platform/admin/security-roles-privileges#team-members-privilege-inheritance

     

    (and then there's hierarchy and position based models)

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the January Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 101 Most Valuable Professional

#2
Haque Profile Picture

Haque 81

#3
VASANTH KUMAR BALMADI Profile Picture

VASANTH KUMAR BALMADI 70

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans