Handle Column Level Security on Dataverse


Hi Everyone,

I have recently created a CANVAS Application which is connected with Dataverse.

I have created an EMPLOYEE table, a Salary table, and a Skills table.

In the Employee table, all the basic details of an employee are currently being stored.

The Canvas application is accessed by everyone in the ORG, but they can only see their data in the App.

I have granted the SERVICE WRITER and SERVICE READER security roles to the entire org.

The problem is:

I want to restrict access to particular columns. For example:

An HR employee wants to access a particular column from the EMPLOYEE table, but due to Service Writer and Reader they are able to access the entire environment's tables and not a column of the Employee table.

How do I restrict it?

When any employee visits make.powerautomate.com they can see the ENVIRONMENT NAME and can access all the tables, but not via make.powerapps.com.

How do I restrict this access from all users and give HR access to only two columns from a table?

I hope my problem is understood.

  • rahulchitte

    Try to implement Column Level Security (CLS):

    • Define CLS Profiles: Create Column Level Security Profiles in Microsoft Dataverse to manage access to specific columns.
    • Assign CLS to Roles: Associate these CLS profiles with the appropriate security roles, like the HR role mentioned in your post.
    • Configure Access: Set the desired level of access (read, write, update) for each column within the security profiles.
    • Test Access: Ensure that the access restrictions are working as intended by testing with users assigned different roles.

    This approach will allow you to grant the HR employee access to only the specific columns they need from the Employee table.

  • mjburley

    Those security roles (SERVICE WRITER and SERVICE READER) are not intended for non-admin types. This is what is allowing people to go to make.powerautomate.com etc.

    The best practice is to give all users the "Basic User" security role, which is a built-in role which handles all the Dataverse bits and bobs, and then create your own security roles for each type of user. Perhaps have an HR System User and an HR System Admin role, which give access to the specific tables you want to give access to, and to limit viewing, creating etc.

    Then do the column security on top of this, utilising Teams to simplify access.

  • lovishsood1

    I tried this, but the problem is:

    In the Employee table, rows are created from a flow, and due to this the Service Principal name is coming in the Created By field. I'm not able to restrict data on USER level.

    For example,

    I have columns Email, Name, ID, Date of Joining, Contact, Manager Id, Designation and other Personal Details.

    So I want to restrict those Personal Details from the user.

    If I'm opening the Dataverse, I should not be able to see other employees' Personal Details and should see only the BASIC details mentioned above, but since Created By does not contain my NAME, I'm able to access either all the data or not even my data.

    How do I resolve it?

  • lovishsood1

    How exactly can I utilise Teams to simplify access?

    My problem is straightforward:

    Users who have access to the Prod. environment should be able to see only the required columns, not all columns of a table.

    For example, a SharePoint user wants to access only the Date of Birth column, so that user should not be able to see other details of users. But the problem is, if I put column security on columns, he can't see his details as well, since the Created By field does not contain his name, so User privileges don't work here.

  • lovishsood1

    This partially solved my problem, as I have created SECURITY ROLES as per application access.

    Column-wise security still has not worked due to the Created By and Owner mismatch.

  • mjburley

    The earlier reply about Column Row Security, did you implement this? This is not related to the record ownership. It prevents users seeing those columns unless specifically allowed to. (When I referred to teams, this is what I meant; set up the column security on a team and not individuals to simplify user turnover in future.)

    As you are exposing via a canvas app, I am not sure if the column security carries over; I have never tried that. But in a canvas app you are in complete control. You can read the security roles any user has, and from that decide what to show them. If in HR Admin role, show all the columns, else do not show the sensitive fields. Actually, do not even load the sensitive fields, as hidden fields are still visible in the HTML.

  • lovishsood1

    I tried creating a Column Security Profile as well.
    But that is restricting access to HR's data.

    For example:

    I have added the Date of Birth column in Column Security. Granted Update and Create access only. Not Read. HR is not able to see his/her DATE OF BIRTH as well via the CANVAS APP.

    From the back-end, it's working fine, as the entire column data is hidden for HR.
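
The behaviour discussed in this thread, as an added example that is not part of any post and is not Microsoft's code: a simplified Python model of how column security profiles decide what a user reads back from a secured column. Table, column, profile, team and user names are hypothetical; the model assumes table-level read is already granted by a security role and leaves out direct user assignment and the System Administrator bypass.

```python
# Simplified model of Dataverse column-level security (added example, not platform code).
# Permission values follow the fieldpermission table: 0 = Not Allowed, 4 = Allowed.
ALLOWED = 4

# Constructed sample data; table, column, profile and team names are hypothetical.
SECURED_COLUMNS = {("new_employee", "new_dateofbirth")}

FIELD_PERMISSIONS = [  # one row per (profile, secured column)
    {"profile": "HR - as configured in the thread", "entityname": "new_employee",
     "attributelogicalname": "new_dateofbirth",
     "canread": 0, "cancreate": 4, "canupdate": 4},
    {"profile": "HR - with Read", "entityname": "new_employee",
     "attributelogicalname": "new_dateofbirth",
     "canread": 4, "cancreate": 4, "canupdate": 4},
]

# Profiles are attached to teams here, as suggested in the thread, so access follows membership.
TEAM_PROFILES = {"HR Team": {"HR - as configured in the thread"}}
USER_TEAMS = {"hr.user@example.com": {"HR Team"}, "employee@example.com": set()}


def effective_access(user, entity, column, team_profiles=TEAM_PROFILES):
    """Union of the permissions from every profile the user reaches through teams."""
    profiles = set()
    for team in USER_TEAMS.get(user, set()):
        profiles |= team_profiles.get(team, set())
    access = {"canread": False, "cancreate": False, "canupdate": False}
    for row in FIELD_PERMISSIONS:
        if (row["profile"] in profiles and row["entityname"] == entity
                and row["attributelogicalname"] == column):
            for right in access:
                access[right] = access[right] or row[right] == ALLOWED
    return access


def read_row(user, entity, row, team_profiles=TEAM_PROFILES):
    """Return the row as the user receives it: unreadable secured columns come back empty."""
    visible = {}
    for column, value in row.items():
        secured = (entity, column) in SECURED_COLUMNS
        readable = not secured or effective_access(user, entity, column, team_profiles)["canread"]
        visible[column] = value if readable else None
    return visible


# The row was created by a service principal, as in the thread; ownership is never consulted.
EMPLOYEE_ROW = {"new_name": "A. Example", "new_dateofbirth": "1990-01-01",
                "createdby": "flow-service-principal"}
```

With the profile configured as in the thread (Create and Update, no Read), `read_row` returns the date of birth empty for the HR user; passing a team mapping that uses the profile with Read returns it, regardless of who created the row.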
