Architectural Review & Scalability Check: Hybrid Dataverse Security Model

Hi everyone,
I'm designing a high-scale Dataverse environment (1M+ Users / 10M+ Records) and want to validate a 3-Tier Security Model to avoid POA table bloat and performance degradation.

The Proposed Structure:
 * Vertical Access: Manager Hierarchy Security (Depth: 3) for all internal management visibility.
 * Internal Collaboration: Access Teams on individual records for cross-functional staff access.
 * External/Group Access: Company Owner Teams (one per Account). We use Power Automate to GrantAccess (Sharing) to the Team rather than individual users.
 * Relationship Behavior: Cascade: None on Share; Cascade: All on Assign.

Questions:
Is this "Hybrid" model (Manager Hierarchy + Company-Team Ownership + Automated Sharing) considered a "Real-World Best Practice" for 1M+ user environments?

Specifically:
 * Ownership Scaling: Does owning records via Company Owner Teams (potentially thousands of records per team) pose any known performance risks during high-frequency data entry?
 * At a 1 million user scale, is sharing with a Company Owner Team (single POA row per company) the most efficient way to grant bulk access to external contacts?
 * Are there known risks with using Access Teams for internal collaboration alongside Hierarchy Security at this volume?
 * Does Cascade: All on Assign create significant locking issues if the record is being moved between Owner Teams frequently?
I'd love to hear from anyone who has hit the limits of the POA table. Thanks!
___________________________________________

Use Case example for more reference:

Logistics Company wants to develop this solution for its internal and external users.

1. Record Ownership & Internal Access

 * Trip Ownership: A Trip is owned by either a Sales Personal Owner Team or a Customer Company Owner Team (One team per Customer account).

 * Internal Staff (Procurement/Sales): For cross-functional access (Procurement), we use Access Teams on the Trip record.

 * Child Records: Customer Invoices are child records of Trips. To prevent performance "locking," all relationships are set to Cascade: None for Share/Unshare/Assign.

2. External Partner Access (The "Hybrid" Sharing)

 * Transport Companies: Each Transporter has a Company Owner Team containing all their contacts.

 * Automation: When a Procurement user assigns a Transporter to a Trip, a Power Automate flow executes a GrantAccess action to that Transporter's Company Team (AccessMask: 23).

 * Dynamics: This ensures that any contact associated with that Transport Company can see/edit the Trip immediately without manual sharing for every individual.

3. Data Isolation

 * Sales & Customers: Roles are set to User-Level (Deep) on their respective tables.

 * External Users: No access to "opposite side" tables (e.g., Customers cannot see Transporter-specific negotiation tables).
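
Added example (not part of the original post, and not Microsoft or project code): the flow described above grants `AccessMask: 23` to an external Company Team, so this Python code decodes a GrantAccess mask into Dataverse `AccessRights` names and checks it against an allowlist. The allowlist `EXTERNAL_TEAM_ALLOWED` and the function names `decode_mask` and `audit_grant` are assumptions made for illustration.

```python
# Dataverse AccessRights bit values (Microsoft.Crm.Sdk.Messages.AccessRights).
RIGHTS = {
    "ReadAccess": 1,
    "WriteAccess": 2,
    "AppendAccess": 4,
    "AppendToAccess": 16,
    "CreateAccess": 32,
    "DeleteAccess": 65536,
    "ShareAccess": 262144,
    "AssignAccess": 524288,
}
KNOWN_BITS = sum(RIGHTS.values())

# Assumption for this example: the most an external Company Team may hold
# on a shared Trip (see/edit, attach child records). Not taken from the post.
EXTERNAL_TEAM_ALLOWED = (RIGHTS["ReadAccess"] | RIGHTS["WriteAccess"]
                         | RIGHTS["AppendAccess"] | RIGHTS["AppendToAccess"])


def decode_mask(mask):
    """Return the AccessRights names set in a GrantAccess AccessMask."""
    if mask < 0 or mask & ~KNOWN_BITS:
        raise ValueError(f"mask {mask} sets bits that are not AccessRights values")
    return [name for name, bit in RIGHTS.items() if mask & bit]


def audit_grant(mask, allowed=EXTERNAL_TEAM_ALLOWED):
    """Return (granted, excess): rights in the mask, and those beyond the allowlist."""
    granted = decode_mask(mask)
    excess = [name for name in granted if not RIGHTS[name] & allowed]
    return granted, excess


if __name__ == "__main__":
    # Constructed sample grants: the mask from the post, and the same mask
    # with ShareAccess added (which would let the team re-share the record).
    for mask in (23, 23 | RIGHTS["ShareAccess"]):
        granted, excess = audit_grant(mask)
        status = "OK" if not excess else "EXCESS: " + ", ".join(excess)
        print(mask, granted, status)
```

Running the same check over every mask a flow passes to GrantAccess catches a grant that quietly adds Share, Assign or Delete for an external team.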
  • Suggested answer
    11manish
    At a scale of 1M+ users and 10M+ records, you are entering the territory of "High-Density Dataverse." In this realm, the POA (PrincipalObjectAccess) table isn't just a table; it's the primary bottleneck for every RetrieveMultiple call the system makes.

    Your 3-Tier model is sophisticated, but there are specific "architectural traps" in your proposal that could cause significant performance degradation at this volume.
     
    The most performant 1M-user environments rely 90% on Business Unit/Ownership and only 10% on Sharing/Hierarchy.
