web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Dataverse Security Rol...
Power Apps
Answered

Dataverse Security Role Question: Table Creation Permissions

(1) ShareShare
ReportReport
Posted on by Ballard297 33

Hello,

 

Is there a way to create a role that allows users to create Dataverse tables and only view/edit/delete the tables (and the data within the tables) they created?

We have a number of developers who want to explore and use Dataverse, so we would like to have a single environment where developers can freely build new tables and apps on top of them. However, we do not want each developer to see the other's tables and their data. Only my team and I as system admins should have the capability.

When exploring the pre-built roles, I found that I can give a user create privileges for entities (tables), but when they create a table they are not automatically granted permissions to that custom table upon creation. We have to manually update each user's permissions to access the table they just created. Going this route would also likely mean we would need a custom security role for each user to isolate permissions of each users custom tables. The alternative would be to have an environment for each developer, but this would not be effective use of our Dataverse capacity. 

 

Essentially we are looking for a role that automatically grants CRUD privileges for tables that a user creates, but no other tables, without having to manually update their permissions each time they create a table. 

 

Any guidance is greatly appreciated!

Categories:
Microsoft Dataverse with Power Apps
I have the same question (0)
  • AhmedSalih Profile Picture
    AhmedSalih 6,680 Moderator on at

    Hello, @Ballard297, the best option is to use System customizer Role and which is "By default, system customizers have full access to custom entities. If you want to have the same limitations that exist for system entities, you’ll need to adjust the system customizer security role so that the access level is User rather than Organization for custom entities."  https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/customize/privileges-required-customization?view=op-9-1

     

    With this, your developers can create custom tables and they will be only accessed by those who created them. 

     

    Regards,

    Ahmed

    If my reply helped you, please give a 👍. And if it has solved your issue, please consider a 👍 & Accepting it as the Solution to help other members of the community find it more.

    My Blog: www.powerplatformplace.com

  • Ballard297 Profile Picture
    Ballard297 33 on at

    Hey Ahmed,

    This sounds promising, but I can't seem to find how I "adjust the system customizer security role so that the access level is User rather than Organization for custom entities."

     

    When adjusting any security role, I find that the Entity privilege under the Customizations tab can only be triggered to two settings: None or Organization. Here is a screenshot of the privilege I am referring to:

    Ballard297_0-1660132084511.png

     

    Is this perhaps the wrong privilege to be tweaking to make the above quoted adjustment? If so, can you show/tell me exactly what adjustment I need to make to the System Customizer role to make the access level User rather than Organization for all custom entities by default?

    Lastly, can you confirm that using this setup will allow for the following scenario for our developers?:
    Developer A: creates tables 1 & 2
    Developer B: creates table 3

     

    Developer A would only be able to view and edit tables 1 & 2, but will have no permissions to table 3. Developer B would only be able to view and edit table 3, but will have no permissions to tables 1 & 2. 

     

    Thank you for the feedback and I appreciate your further guidance to help me in this scenario!

  • anteneh Profile Picture
    anteneh 3 on at

    yugytyt6r7

  • AhmedSalih Profile Picture
    AhmedSalih 6,680 Moderator on at

    @Ballard297, Okay, I had to re-read that documentation and the system customizer security role will work for the System Entities and not the custom ones. For the custom entities, you will have change the permissions after every time your developers create new table.  Let's wait and see if others have some input to resolve this use case. I will also play with it in my environment sometime over the weekend. 

     

  • Ballard297 Profile Picture
    Ballard297 33 on at

    Will be great to hear feedback from others, as I have to imagine this is a scenario that has been faced by others. Let me know if you find anything while testing this weekend!

  • Verified answer
    MattB-MSFT Profile Picture
    MattB-MSFT Microsoft Employee on at

    @Ballard297 It is not possible to configure a dataverse environment to allow user ownership over system metadata.
    An environment ( outside of the default ) is intended to be used for a given purpose, thus entity management is a global function and permission exist to manage who can create entities and other metadata.

     

    I have two suggestions for you to consider.

    Use the developer environment types for an exploration, or have each developer create and workout of their own solution within a single environment. The solution approach allows for one environment with a visual separation of assets.

     

  • Ballard297 Profile Picture
    Ballard297 33 on at

    Hey Matt, thank you for reaching out.

     

    With the developer environment, will my team be able to govern these like we will any other environment we create or is created by Teams? We have the Power Platform Admin role, so we already see all environments, but just want to know if these developer environments would also be visible to those in the Power Platform Admin role.

     

    With the solution approach, would you then recommend that our developers are set to the system customizer role and simply instructed to create their own solution and only create new content from within their solution?

     

    These both sound like intriguing approaches, just need a little more detail on both and I will then mark as solution 🙂

  • MattB-MSFT Profile Picture
    MattB-MSFT Microsoft Employee on at

    You can read more up on the Developer environment here: Power Apps Developer Plan | Microsoft Power Apps

    You can control the ability to create them by policy, but its a on or off thing, you cannot limit a developer's ability to create one if the feature is enabled.  Your admins will be able to see them. 
    They are intended to be 'short lived' and have heavy restrictions on capacity and lifetime.

     

    for the solutions approach,
    Yes, use customizer role for your developers ( or create an AAD group connected team in dataverse and assign it customizer, where the AAD group has your developers ).  then instruct your developers to create a new solution + publisher for their use in the shared environment. 

  • Ballard297 Profile Picture
    Ballard297 33 on at

    Thank you sir, accepted your two suggestions as the solution.

  • AntonyChrist Profile Picture
    AntonyChrist 22 on at

    @Ballard297  does the system customizer role work for this scenario.

    I tested by giving a user "system customizer" role. This user can see the custom table created by other user as well as "Delete" them.

     

    Is there a "Security Role" which can be assigned to user in which way they should be able to create, view and edit their own Custom tables and not of others??

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
11manish Profile Picture

11manish 536

#2
WarrenBelz Profile Picture

WarrenBelz 426 Most Valuable Professional

#3
Haque Profile Picture

Haque 305

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans