Power Platform Community Forum Thread Details

Dear all,

hoping this finds you well. We have been using CDS for some time now, but have not had to apply record level security and are stuck on the following scenario:

Data comes in from an API with some general information and an array with "Recipients" that are users in active directory;
PowerAutomate pre-processes this information and sends the:
1. general information to a custom entity called "Record"; and
2. the recipients each to a custom entity called "Recipients";
The relationship is established like this: "User" 1-1 "Recipient" *-1 Record.

The recipient group is differnt every time, so we need to find a solution so that records can be read (no other action) by Recipients. I have been searching like mad, but was not able to find a solution for record level permissions in this way.

Would appreciate some inspiration here and have a good weekend,

Max

Categories:

Microsoft Dataverse with Power Apps

Hi @Kikoger ,

If the Recipients in your API response body are actual users of Dataverse (CDS), you could leverage an Access Team Template for this.

That being said, I would caution trying to achieve this level of granularity in record access. You may run into scalability issues at large volumes on the entity (table) in terms of both performance and in the amount of storage that the Principal Object Access (POA) will consume.

With that aside, here are steps you can follow to achieve this.

Enable Access Teams and create an Access Team Template for the Record entity via the steps documented here. https://docs.microsoft.com/en-us/power-platform/admin/create-team-template-add-entity-form
In your Power Automate flow, use the List Records action for the CDS (Current Environment) connector as such below, filtering on the name of your template.
Next you want do another List Records action for Users this time (hopefully your Participants array has a unique value such as email to pass as a filter argument).
Next you would use the Create a Record action to create the 'Record' row in CDS.
The last step is to add the users into the Access Team for the record that was just created. The Perform a Bound Action will allow you to use an out of the box Dataverse bound Action for the User table called AddUserToRecordTeam. You would perform this bound action for each user record from your List Record (Users) step, so place this inside an Apply to Each action. You just need to supply the following 3 parameters for the bound action:
- Item ID: the User value from the Apply to Each item
- Record: The OData.Id value from the created 'Record' row in the earlier Create a new record step
- teamtemplate teamtemplateid: Take the first record from the List Records - Team Template step. You can use the following expression for this
  first(outputs('List_records_-_Team_Template')?['body/value'])['teamtemplateid']

Hope this helps.

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.