Hi Everyone,
I have recently created a CANVAS Application which is connected with Dataverse.
I have created EMPLOYEE TABLE, Salary Table, and Skills Table.
In the Employee table, all the basic details of an employee are currently being stored.
The Canvas application is accessed by everyone in the org, but they can only see their own data in the app.
I have granted the SERVICE WRITER and SERVICE READER security roles to the entire org.
The problem is:
I want to restrict access to particular columns. For example:
An HR employee wants to access a particular column from the EMPLOYEE table, but due to Service Writer and Reader they are able to access the entire environment's tables and not a column of the Employee table.
How do I restrict it?
When any employee visits make.powerautomate.com they can see the ENVIRONMENT NAME and can access all the tables, but not via make.powerapps.com.
How do I restrict this access from all users and give HR only access to two columns from a table?
I hope my problem is understood.
I tried creating a Column Security Profile as well.
But that is restricting access to HR's data.
For example:
I have added the Date of Birth column in Column Security. Granted Update and Create access only. Not Read. HR is not able to see his/her DATE OF BIRTH as well via the CANVAS APP.
From the back end, it's working fine, as the entire column's data is hidden for HR.
The earlier reply about Column Row Security, did you implement this? This is not related to the record ownership. It prevents users seeing those columns unless specifically allowed to. (When I referred to teams, this is what I meant; set up the column security on a team and not individuals to simplify user turnover in future).
As you are exposing via a canvas app, I am not sure if the column security carries over; I have never tried that. But in a canvas app you are in complete control. You can read the security roles any user has, and from that decide what to show them. If in HR Admin role, show all the columns, else do not show the sensitive fields. Actually, do not even load the sensitive fields, as hidden fields are still visible in the HTML.
This partially solved my problem as I have created SECURITY ROLES as per application access.
Column-wise security still has not worked due to the Created BY and Owner mismatch.
How exactly can I utilise Teams to simplify access?
My problem is straightforward:
Users who have access to the Prod. environment should be able to see only the required columns, not all columns of a table.
For example, a SharePoint user wants to access only the Date of Birth column; that user should not be able to see other details of users. But the problem is, if I put column security on columns, he can't see his own details either, since the Created By field does not contain his name, so User privileges don't work here.
I tried this, but the problem is:
In the Employee table, rows are created from a flow, due to which the Service Principal name appears in the Created By field. I'm not able to restrict data at the USER level.
For example,
I have columns Email, Name, ID, Date of Joining, Contact, Manager Id, Designation and other Personal Details,
so I want to restrict those Personal Details from the user.
If I open Dataverse, I should not be able to see other employees' personal details and should see only the basic details mentioned above, but since Created By does not contain my name, I can access either all the data or not even my own data.
How do I resolve it?
Those security roles (SERVICE WRITER and SERVICE READER) are not intended for non-admin types. This is what is allowing people to go to make.powerautomate.com etc.
The best practice is to give all users the "Basic User" security role, which is a built-in role which handles all the Dataverse bits and bobs, and then create your own security roles for each type of user. Perhaps have an HR System User and an HR System Admin role, which give access to the specific tables you want to give access to, and to limit viewing, creating etc.
Then do the column security on top of this, utilising Teams to simplify access.
Try to implement Column Level Security (CLS):
This approach will allow you to grant the HR employee access to only the specific columns they need from the Employee table.