
Managing Access to Tables and Assigning Records To Teams

Posted on by 79
Hi,
 
I am trying to create security configuration for my Dataverse environment. I have created a Canvas app that uses Dataverse in the backend.
 
  • The app is used by different teams and I have 50+ teams, this can grow over time.
  • A user can be part of different teams.
  • Users from a team should be able to access data from the team they are assigned to.
 
Currently I have implemented a sample using Dataverse teams. I created Dataverse teams and added users to that team. Rows are assigned to each team using Power Automate.
 
I have 10+ related tables and need to implement the above configuration in all tables.
 
It is very difficult to manage in the case of 50+ teams using Dataverse teams. 
 
Does anyone know any alternative or have any idea how to implement this functionality without compromising security?
 
  • Michael E. Gernaey
    53,329 Super User 2025 Season 2
    Hi,
     
    I am honestly not exactly sure what you need; you kinda just added details about the related Tables, which should be set up to get their permission from the parent record.
     
    Unfortunately, without doing a full review of your internal security, how you use AAD/Entra, etc., it's very difficult to give you a good answer, as one that may work for this app may not work for the other apps.
     
    Regardless, it doesn't matter whether you create the Group (teams) in AAD/Entra; you still have to do the associations.
     
    So I cannot say if it's better to use Roles, Teams, both, AAD Groups, as I am not even completely sure of the configuration for these teams: a can read, b can write, c can edit.
     
    Too many variables for me personally to give you good suggestions.
     
  • Suggested answer
    Ammar Zaied
    97

    For your scenario where you have 50+ teams and users can belong to multiple teams, managing access to Dataverse data efficiently can indeed become challenging if you're using Dataverse teams. Here are a few alternatives and ideas to consider:

    1. Use Security Roles with Business Units and Hierarchy Security

    • Business Units: Instead of managing access via teams, you could use Dataverse Business Units to segregate data. Assign teams to the appropriate Business Units, and apply security roles at the Business Unit level. This way, each user can see the data of their Business Unit.
    • Hierarchy Security: By using the hierarchy security model, you can configure a structure where managers or certain roles can access data of their subordinates (e.g., team leaders accessing the data of their team members).

    Advantages:

    • Easier to manage at scale since Business Units can represent your teams or departments.
    • You can still assign users to multiple Business Units via hierarchy security, which may simplify user permissions without creating and managing multiple Dataverse teams.

    Disadvantages:

    • If users need to access multiple Business Units, it can require more complex security configurations, depending on your organizational structure.

    2. Use Custom Access Control with Dataverse and Power Automate

    • Instead of managing team membership directly in Dataverse, you can implement custom access control by creating a custom table for teams and storing the relationships between users and teams in that table.
    • With Power Automate or custom logic in Dataverse, you can filter data based on the team assignments in this custom table. For example, when a user accesses a record, a lookup could check if the user is part of the appropriate team(s).

    Advantages:

    • This solution is scalable as you can manage the team memberships in a single custom table.
    • You have more flexibility for filtering and managing access across multiple tables without the overhead of maintaining Dataverse team memberships.

    Disadvantages:

    • It requires more custom development and potentially more automation to ensure records are properly assigned and accessible based on user roles.
    • You'll need to develop custom logic for every data access operation, which might slow down some processes.

    3. Use Azure Active Directory (AAD) Security Groups and Model-Driven Apps

    • You can leverage AAD security groups to manage user access. Each team could be represented as an AAD security group, and then those groups can be assigned security roles in Dataverse.
    • This method simplifies user management, as AAD can automatically sync with your Dataverse environment.

    Advantages:

    • AAD security groups can be managed centrally, and they scale well.
    • Users are automatically granted access based on their AAD group membership without manual team management in Dataverse.

    Disadvantages:

    • You would need proper synchronization between AAD and Dataverse.
    • It may require an enterprise-level Azure setup to fully leverage this solution.

    4. Data Access Governance via Power Platform CoE

    • You can implement Power Platform Center of Excellence (CoE) governance tools to manage the roles and data access policies centrally.
    • CoE can help you with role management, team user assignment, and access audits to ensure users have the right access levels.

    Advantages:

    • Provides a centralized way to manage access, governance, and auditing across your Dataverse environment.
    • Scales well with a growing number of teams.

    Disadvantages:

    • May require more administrative setup and configuration.
    • Could require a Power Platform CoE environment and technical expertise to set up.

    By using a combination of these approaches, you can optimize security management for your application without compromising scalability and data security. Consider starting with Business Units or custom access control logic if you want more fine-grained control, and explore AAD integration for a seamless user management experience.
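
Whichever option from the thread is chosen, the row assignments across the related tables need to be checked against the intended model. The following is an added example, not part of the thread and not Dataverse API code: a simplified model in which a user can read a row when they belong to the team that owns it, run over constructed sample data (the names `PROJECTS`, `TASKS` and the team and user names are assumptions). It ignores business unit depth and record sharing.

```python
from collections import defaultdict

# Constructed sample data; table, row and team names are illustrative only.
MEMBERSHIPS = [("alice", "Team-A"), ("alice", "Team-B"),
               ("bob", "Team-B"), ("carol", "Team-C")]
# Parent rows: id -> owning team (None = the assignment flow never set one).
PROJECTS = {"P1": "Team-A", "P2": "Team-B", "P3": None}
# Related-table rows: (row id, parent id, owning team).
TASKS = [("T1", "P1", "Team-A"), ("T2", "P1", "Team-B"), ("T3", "P2", "Team-B"),
         ("T4", "P3", "Team-C"), ("T5", "P9", "Team-A")]


def teams_by_user(memberships):
    """Index memberships so a user in several teams gets the union."""
    index = defaultdict(set)
    for user, team in memberships:
        index[user].add(team)
    return index


def visible_rows(user, memberships, parents, children):
    """Rows a user can read when access follows the owning team."""
    teams = teams_by_user(memberships).get(user, set())
    rows = {pid for pid, owner in parents.items() if owner in teams}
    return rows | {cid for cid, _, owner in children if owner in teams}


def audit_ownership(parents, children):
    """Flag rows whose owner has drifted from the intended model."""
    findings = [(pid, "parent has no owning team")
                for pid, owner in sorted(parents.items()) if owner is None]
    for cid, pid, owner in children:
        if pid not in parents:
            findings.append((cid, "orphaned: parent row missing"))
        elif parents[pid] != owner:
            findings.append((cid, f"owner {owner} != parent owner {parents[pid]}"))
    return findings


def cross_team_exposure(memberships, parents, children):
    """(user, child) pairs where the child is readable but its parent is not."""
    exposed = []
    for user, teams in sorted(teams_by_user(memberships).items()):
        for cid, pid, owner in children:
            if owner in teams and pid in parents and parents[pid] not in teams:
                exposed.append((user, cid))
    return exposed
```

In practice the parent and child rows would come from an export of each table's owner column; the exposure list is the part to review first, since it shows related rows readable by a team that cannot read the parent.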
