You’re offline. This is a read only version of the page.
Announcements
Hi everyone,
I am looking for some advice on how to supress access to a Model Driven App for set of users. I'll try to explain this as best as possible but if anything's unclear please let me know and I can clarify.
The solution is based in Dataverse.
I have a table, Table A.
User Group 1 needs to be able to read records in Table A to submit reports via Canvas App 'CA1'. The data from the Table A records is represented in part in CA1. Users do not see all fields of the records and they should not be able to do so. I've mitigated this via correct Power FX use in CA1.
I have a Model Driven App, 'MD1'.
MD1 has been shared with Security Roles that do NOT include users in User Group 1.
MD1 is used for an Admin function on the same solution.
User Group 1 does NOT have 'App Opener' assigned to it.
The problem is users in User Group 1 can, if given the direct link to MD1, open it and see the records, then use the hyperlinks in MD1 to navigate around and see records in full.
The problem is, I cannot simply change the Security Role for users in User Group 1 to not be able to access Table A, since this is needed for the representation in the Canvas App, but I need to suppress users being able to open the Model Driven App 'MD1' and access records via this route. It is not acceptable to assume they will never get the URL to the MD1.
I am not sure what I'm missing here. Is there a Table or role/attribute etc within the Security Role assigned to users in User Group 1 that I need to unassign - IE an out of the box setting that is on by default? I did see a table named 'Model-driven App' in the Customization area, (name: appmodule) that has 'Read' set to Organization for the User Group 1 Security Role. I have not tried changing this yet since I assume this is an OOB setting and didn't want to change it in case this is unrelated.
In this case, User Group 1 will not need to run any Model Driven Apps in this solution so it would be acceptable to fully disable Model Driven for them if needed. But I assume there must be a way to selectively disable Model Driven Apps and enable others within the same solution.
Many thanks for any assistance on this.
Hi everyone,
For info having spoken to an in-house expert it looks like Column Level Security Profiles will be the resolution for this. I will post more information in due course once this has been explored.
Share
Report
439
All responses (
Answers (
