So currently I have developed a canvas app, and for the database I am using Dataverse. This app will be added to MS Teams (not PowerApps for Teams).
In Dataverse I have custom entities, and I have enabled security by creating a new security role for the app. The use case is that users should have access only to their own records and to the records that are shared with them using a Power Automate flow. The following are my worries:
- Sharing a record with multiple users using a flow is very slow and complex (at different phases of the lifecycle, privileges to the record will change). What will happen if the record needs to be shared with the entire organization (>1000 users)?
- Users with the System Administrator and Environment Admin roles have full access to the custom entities, which is not required because of the sensitive data in the custom entities. And the problem is, even if I modify the roles in my tenant, what will happen when I move the app to the client's tenant?
- Does a client with thousands of users need to manually assign the custom security role to all users, or is there a better way?
To summarize, I need to create a security architecture for this app, which will be used by thousands of users and will also be shipped to multiple customer tenants. I will provide more information if the problem is not clear.