Power Apps - Microsoft Dataverse
Unanswered

Handle Column Level Security on Dataverse

Posted on 21 May 2024 09:30:00 by 109

Hi Everyone,

I have recently created a CANVAS Application which is connected with Dataverse.

I have created an EMPLOYEE table, a Salary table, and a Skills table.

In the Employee table, all the basic details of an employee are currently being stored.

The Canvas application is accessed by everyone in the ORG, but they can only see their data in the App.

I have granted the SERVICE WRITER and SERVICE READER security roles to the entire org.

The problem is:

I want to restrict access to particular columns. For example:

An HR employee wants to access a particular column from the EMPLOYEE table, but due to Service Writer and Reader they are able to access the entire Environment's tables and not a column of the Employee table.

How do I restrict it?

When any employee visits make.powerautomate.com they can see the ENVIRONMENT NAME and can access all the tables, but not by make.powerapps.com.

How do I restrict this access from all users and give HR only access to two columns from a table?

I hope my problem is understood.

  • lovishsood1
    109 on 29 May 2024 at 10:08:20
    Re: Handle Column Level Security on Dataverse

    I tried creating a Column Security Profile as well.
    But that is restricting access to HR's data.

    For example:

    I have added the Date of Birth column to Column Security and granted Update and Create access only, not Read. HR is not able to see his/her DATE OF BIRTH as well via the CANVAS APP.

    From the back end, it's working fine, as the entire column's data is hidden for HR.

  • mjburley
    370 on 28 May 2024 at 07:50:17
    Re: Handle Column Level Security on Dataverse

    The earlier reply about Column Row Security, did you implement this? This is not related to record ownership. It prevents users from seeing those columns unless specifically allowed to. (When I referred to teams, this is what I meant; set up the column security on a team and not individuals to simplify user turnover in future).

    As you are exposing via a canvas app, I am not sure if the column security carries over; I have never tried that. But in a canvas app you are in complete control. You can read the security roles any user has, and from that decide what to show them. If in HR Admin role, show all the columns, else do not show the sensitive fields. Actually, do not even load the sensitive fields, as hidden fields are still visible in the HTML.

  • lovishsood1
    109 on 27 May 2024 at 10:23:03
    Re: Handle Column Level Security on Dataverse

    This partially solved my problem as I have created SECURITY ROLES as per application access.

    Column-wise security still has not worked due to the Created By and Owner mismatch.

  • lovishsood1
    109 on 22 May 2024 at 06:52:50
    Re: Handle Column Level Security on Dataverse

    How exactly can I utilise Teams to simplify access?

    My problem is straightforward:

    Users who have access to the Prod. environment should be able to see only the required columns, not all columns of a table.

    For example, if a SharePoint user wants to access only the Date of Birth column, then that user should not be able to see other details of users. But the problem is, if I put column security on columns, he can't see his details as well, since the Created By field does not contain his name, so User privileges don't work here.

  • lovishsood1
    109 on 22 May 2024 at 06:46:40
    Re: Handle Column Level Security on Dataverse

    I tried this, but the problem is:

    In the Employee table, rows are created from a flow, due to which the Service Principal name is coming in the Created By field. I'm not able to restrict data on the USER level.

    For example,

    I have the columns Email, Name, ID, Date of Joining, Contact, Manager Id, Designation and other Personal Details,

    so I want to restrict those Personal Details from the user.

    If I'm opening the Dataverse, I should not be able to see other employees' Personal Details, and I should see only the BASIC details mentioned above. But since Created By does not contain my NAME, I'm able to access either all the data or not even my data.

    How do I resolve it?

  • mjburley
    370 on 21 May 2024 at 13:37:38
    Re: Handle Column Level Security on Dataverse

    Those security roles (SERVICE WRITER and SERVICE READER) are not intended for non-admin types. This is what is allowing people to go to make.powerautomate.com etc.

    The best practice is to give all users the "Basic User" security role, which is a built-in role which handles all the Dataverse bits and bobs, and then create your own security roles for each type of user. Perhaps have an HR System User and an HR System Admin role, which give access to the specific tables you want to give access to, and limit viewing, creating etc.

    Then do the column security on top of this, utilising Teams to simplify access.

  • rahulchitte
    27 on 21 May 2024 at 10:49:41
    Re: Handle Column Level Security on Dataverse

    Try to implement Column Level Security (CLS):

    • Define CLS Profiles: Create Column Level Security Profiles in Microsoft Dataverse to manage access to specific columns.
    • Assign CLS to Roles: Associate these CLS profiles with the appropriate security roles, like the HR role mentioned in your post.
    • Configure Access: Set the desired level of access (read, write, update) for each column within the security profiles.
    • Test Access: Ensure that the access restrictions are working as intended by testing with users assigned different roles.

    This approach will allow you to grant the HR employee access to only the specific columns they need from the Employee table.
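
The "Configure Access" and "Test Access" steps above, applied to the Date of Birth case from this thread, as an added example that is not from any poster or from Microsoft: it models column security profiles assigned through teams and flags entries that grant Create/Update without Read. The table, column, profile, team and user names are constructed; the rows follow the shape of Dataverse `fieldpermission` records, and combining a user's profiles as a union (least restrictive wins) is an assumption of this sketch.

```python
# Added illustration: all names and rows are constructed sample data.
ALLOWED, NOT_ALLOWED = 4, 0  # option values of canread / cancreate / canupdate
RIGHTS = ("canread", "cancreate", "canupdate")

# Rows shaped like Dataverse fieldpermission records (constructed).
FIELD_PERMISSIONS = [
    {"profile": "HR Profile", "entityname": "employee",
     "attributelogicalname": "dateofbirth",
     "canread": NOT_ALLOWED, "cancreate": ALLOWED, "canupdate": ALLOWED},
    {"profile": "HR Admin Profile", "entityname": "employee",
     "attributelogicalname": "dateofbirth",
     "canread": ALLOWED, "cancreate": ALLOWED, "canupdate": ALLOWED},
]
# Profiles are attached to teams; users inherit them through membership.
TEAM_PROFILES = {"HR Team": ["HR Profile"],
                 "HR Admin Team": ["HR Admin Profile"]}
USER_TEAMS = {"hr.user": ["HR Team"],
              "hr.admin": ["HR Team", "HR Admin Team"],
              "employee1": []}


def effective_access(user, entity, column):
    """Combine every profile the user reaches through teams.

    Assumption: profiles combine as a union. Row ownership (Created By /
    Owner) is not an input, matching the reply that column security is
    unrelated to record ownership.
    """
    profiles = {p for team in USER_TEAMS.get(user, [])
                for p in TEAM_PROFILES.get(team, [])}
    access = dict.fromkeys(RIGHTS, False)
    for row in FIELD_PERMISSIONS:
        if (row["profile"] in profiles and row["entityname"] == entity
                and row["attributelogicalname"] == column):
            for right in RIGHTS:
                access[right] = access[right] or row[right] == ALLOWED
    return access


def write_without_read(rows):
    """Flag entries that allow create/update but not read (the thread's case)."""
    return [(r["profile"], r["entityname"], r["attributelogicalname"])
            for r in rows
            if r["canread"] != ALLOWED
            and ALLOWED in (r["cancreate"], r["canupdate"])]


if __name__ == "__main__":
    for user in USER_TEAMS:
        print(user, effective_access(user, "employee", "dateofbirth"))
    print("review:", write_without_read(FIELD_PERMISSIONS))
```
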
