Power Platform Community Forum Thread Details

Hi All,

I'm delving deeper into how Dataverse manages and understands the organizational hierarchy, specifically how it determines where a user sits within the organizational structure. This understanding is crucial for implementing nuanced access controls and for tailoring user experiences based on their roles and positions within the organization.

My main questions are:

How does Dataverse recognize or infer a user's position within an organization?
Are there specific attributes or configurations within Dataverse that need to be set up to map users accurately to their respective positions in the organizational hierarchy?
How can this mapping influence access controls, visibility, and functionality available to the user within Power Apps and other Dynamics 365 applications?

I'm looking for insights or guidance on setting up or utilizing Dataverse's capabilities to reflect our organizational structure accurately and leverage this for more effective app design and security role configuration.

Any advice, resources, or experiences shared would be greatly appreciated!

Thank you for your support.

Categories:

Microsoft Dataverse with Power Apps

There is not a simple straight forward answer to this. There are a number of different mechanisms to understand and then choose which one fits your needs best

Traditional Business Units (and Teams) and Security Role privileges, and record Ownership. Think of a Business Unit structure as a Organization Chart. When a User (or Team) is created it has a Business Unit, by default this will be the root BU, but can be set to a different BU in the structure (if you have defined one), the BU/Team structure in combination with Security Role privileges (each privilege has levels that represent from none, user, BU only, and BU and below, Organization) https://learn.microsoft.com/en-us/power-platform/admin/create-edit-business-units#legacy-experience
Hierarchy Security, rather than Business Units focusses on Manager and Positions, https://learn.microsoft.com/en-us/power-platform/admin/hierarchy-security?tabs=preview

(and there's a newer cross BU one also, but start with the ones above)

Either mechanism can be implemented in a way to achieve Segregation and Separation of data. e.g. based on the Security Role Privileges a User in one BU may not be able to see data owned by a different user or team in a different BU (or you may have Organizational Read, so can see the data, but have a lower privilege level for Edit and so can Edit records in your BU but the record owned by the other user/team is readonly).

Where something is using the individual User to access the data of dataverse (e.g. not a shared account, like a service account, which will apply the privileges of that account), the Security Model will apply and only expose the data the users permissions allow them to see.