I'm building a model-driven app where many of the entities have the "Enable attachments (including notes and files)" feature turned on. I'd like to allow users to be able to choose whether to make their note private. Default note permission would be readable by anyone who had read-access to the parent entity.
First, how do I configure note permissions so that this is possible?
And second, what control needs to be enabled so that a user can change the visibility of their note?
PowerApps permissions are still very theoretical to me. I've read and watched videos but it feels very complex.
Hi @halifaxious,
Notes and their attachments are one of those out-of-the-box (OOB) features that are limited in the amount of configuration they support. For instance, you can't add custom fields/columns to the Notes entity/table, so letting the user change the visibility would be tricky. The method to control the visibility and access is with standard privileges. The challenge is that this affects all notes in the system, and you can't limit it to specific notes for specific records. For example: if everyone can read notes then set the Read privilege to org-level, but then you won't be able to make some notes private. The only way to make them private is to reduce the privilege level to business unit or user-level. User-level means only the owner of the notes can do the respective privilege assigned; business unit is within the business unit. Business unit does not refer to the organizational business unit; it's a security construct to segregate the data into "units". More info on business units: https://docs.microsoft.com/power-platform/admin/wp-security-cds#business-units
So OOB, you would be able to configure different groups to have different levels of access to notes, and that's pretty much it.
If you really need the ability for users to mark notes as private or public, I would then suggest creating a custom Note table with a multiline-of-text/memo column and a File type column. Making the note public or private can be done by changing the Owner column. Set up the privileges to user-level only and then you can assign the note to the root business unit team or to the current user to lock it down. You can get fancy by having a custom private/public checkbox column and triggering a Power Automate to automatically assign the Owner.
For more info on Dataverse security in general here's a nice video: https://powerusers.microsoft.com/t5/Webinars-and-Video-Gallery/Security-in-Common-Data-Service-CDS/td-p/615512
Hope this all makes sense!