web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Confusion about Teams,...
Power Apps
Unanswered

Confusion about Teams, group Teams, Business Units, AAD Group, Security Roles - Security and Governance

(0) ShareShare
ReportReport
Posted on by 44

Hi there,

I have been building Canvas apps for a while and never really thought about security. I am now making an app on Dataverse and would like to use security roles and the like. Reading online/videos have lead me to much confusion.


I understand that when you make an environment, a root business unit is made where all the users live. Then child business units can be made below these. Then Dataverse Teams and be made under these child units and these are called 'Dataverse group Teams'?

 

So for example, the Contoso Group would be a root BU, Contoso West and Contoso East could be child BUs under these, and under these I could have Sales East, and Sales West DV Group Teams all as a hierarchical structure?

 

How does this tie into an AAD Group? Are they the same thing?

 

In my scenario, I have an app where users should be able to approve an application based on what step that application is in. Eg Site Manager should not be able to approve for the General Manager. My thought was to make these different 'Dataverse group Teams' and base the approval on that. Is this the correct way?

For context, in other more simple apps (using Sharepoint), I've created AAD groups and then looked up the user's email (or ID) with the Office365Groups connector.

 

Thank you, 

I have the same question (0)
  • DB2NV Profile Picture
    44 on at

    Any takers?

  • Jonathan Manrique Profile Picture
    2,687 on at

    Hi @DB2NV 

     

    A little bit to understand conceptually, they will be like teams or user containers, to which you can apply common security.

     

    Now, a business unit by default creates a team as well, in this team there can be n users, then it can create another team where there can be m users and these will be different from each other, now up to this point it is understood that in the end they are containers of users, but where the real difference is in the security role and its depth levels since from there you can interact with the registry depending on your need.

     

    As for ADD groups, these can be used to give access to the environment, but then you must give access to the application through security roles, and these are assigned to users or teams. They seem conceptually the same but they are different, one acts to access the environment and the other to the application.

     

    https://learn.microsoft.com/en-us/power-platform/admin/wp-security-cds

     

  • DB2NV Profile Picture
    44 on at

    What are you thoughts on the scenario I've described above?

  • Jonathan Manrique Profile Picture
    2,687 on at

    Hi @DB2NV 

     

    The approach may be correct at the business unit level, but with ADD groups it is not the same as teams in dataverse security

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 93 Most Valuable Professional

#2
Haque Profile Picture

Haque 81

#3
Valantis Profile Picture

Valantis 49

Last 30 days Overall leaderboard