web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
Register Today: Microsoft Business Applications Update- April 15th
Your Invited to Keeping It Real with the Power Platform
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Users, Roles, Groups, ...
Power Apps
Answered

Users, Roles, Groups, Teams, Business Units???

(0) ShareShare
ReportReport
Posted on by IPC_ahaas 1,401 Moderator

I am so confused. What seemed like a simple task to define what users should have access to what Environments (and the apps within it) has bloated into an ocean of user created videos hosted by Microsoft with old and new interfaces spread across dozens of very long learn articles with terrible examples such as "User A" and "Business Unit B". I understand less now than when I started.

 

In our organization, only one person makes apps - me. I created Dev, Test, and Prod Environments after learning the "Default" environment is really a "Personal" Environment. I'm building a single app to test out this new development flow process (haven't figured out "pipelines" yet).

 

* My IT team needs access to "Dev" because because.

* Supervisors, whose employees will be using the app, need to kick the tires on apps I development in "Test"

* When it's all good, the app will get pushed to "Prod" where Supervisor's employee's can run the apps.

 

I assumed Security Groups was the way to do this and ended up buried in "Teams" (but not those "Teams". GOOD GRIEF MICROSOFT! So good at making up words, but here you are using "Teams" way too much) and "Business Units".

 

Just... what!? I have to make a "Team" that contains a "Security Group" just because you wanted to reuse the word "Team" again? Why the heck can't I just add a Security Group directly to an Environment?

Categories:
Microsoft Dataverse with Power Apps
I have the same question (0)
  • TheCompuSmith Profile Picture
    TheCompuSmith 20 on at

    I believe what you're looking for (if I understand your question) is a way to control access to your environments using an AAD security group.  If you edit your environment you can assign a security group to each one and only users in that group can access it.  Security roles, Teams & Business units would be used to control what users have access to once in the environment.

     

    thecompusmith_0-1706735877665.png

     

    thecompusmith_1-1706735916077.png

     

    I hope this helps and please let me know if I misunderstood your question.

  • Verified answer
    Fubar Profile Picture
    Fubar 8,487 Super User 2026 Season 1 on at

    Business Units and Teams existed in the product before AD Security Groups etc were incorporated.

    The Security Model can get very complicated quickly.

     

    You can restrict users access to environments by assigning an Office 365 Security Group to the environment (as per the post from thecompusmith) e.g. to allow different sets of users to be users in Prod vs Test vs Dev

     

    Within the Environment you can use Teams and Business Units (in combination with Security Role privillges) to achieve Separation and Segmentation of Data

    Users and Teams can also be owners of records (for Tables that have been defined as User/Team), and again this forms part of Separation and Segmentation of Data

     

    More recently there has been the ability to create a Team that is tied to Security Group and Office group.

     

    (and there are additional concepts such as Position and Hierarchy that can be enabled )

  • ivan_apps Profile Picture
    ivan_apps 2,189 Moderator on at

    Agree with this - Teams in Dataverse is a standalone security concept. There is the ability to synchronize an AAD Security Group with a Dataverse Team, if you create the team via the PPAC, select the Entra ID security group option. Office Groups are also available (which MS Teams automatically creates), so you can even tie in a MS Teams ‘Team’ to a specific access in Dataverse.

  • IPC_ahaas Profile Picture
    IPC_ahaas 1,401 Moderator on at

    In this case we don't want anyone to own the data. It belongs to the environment and they'll only be able to interact with it via an app(s). So it sounds like I can ignore Teams and Business Units.

  • Fubar Profile Picture
    Fubar 8,487 Super User 2026 Season 1 on at
    @IPC_ahaas wrote:

    In this case we don't want anyone to own the data. It belongs to the environment and they'll only be able to interact with it via an app(s). So it sounds like I can ignore Teams and Business Units.

    By default there is always the root Business Unit, and its default Team, and adding a User they will be in that default team.

    Even where you are not interested in Separation and Segmentation of data, where record ownership helps is allowing you to assign records to users (or Teams) to allow your user to see a list of items that are assigned to them (or their team) to work on (e.g. you will notice a number of out of the box Dataverse Table views that start with "My....." these views have filters preset to filter records assigned to the current user)

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Register Today: Microsoft Business Applications Update- April 15th
Your Invited to Keeping It Real with the Power Platform

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
11manish Profile Picture

11manish 551

#2
WarrenBelz Profile Picture

WarrenBelz 430 Most Valuable Professional

#3
Valantis Profile Picture

Valantis 298

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans