web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Security Role Issue in...
Power Apps
Unanswered

Security Role Issue in Model-driven App

(0) ShareShare
ReportReport
Posted on by NaCarns 36

Hi. I have been stuck with the same predicament for over 3 days now and my research into the solution is going nowhere. I need this urgently so any direction would be great.


So I have a model-driven application with several custom entities. I have a few users that need to access that application, and depending on the department (or BU) each user is in, they should have custom read/write/create/delete permissions on the custom entities.

 

What I did is I separated the users into business units (all having the same parent BU which is the Organization). I moved the users from the root BU to their own BU, hence they moved Teams. That means they shouldn't inherit the permissions that apply to the Team associated with the root BU, right?

 

John is in BU1, which is under the root/parent BU. I created a security role under BU1. I gave him read permissions for model-driven apps (SCOPE: Organization so the filled green dot) in the Customization tab, and gave him create (SCOPE: BU) and read (SCOPE: Organization) for a custom entity. So this should allow him to see the custom entity and create a new record but not delete/update/etc. Is that correct? But when I wanted to share the app and gave John the security role (only ONE role was given to him), he could access the application (through the unified URL) and see the custom entity, but couldn't see the columns/records/etc of the entity. It's just empty and nothing happens when you click on the entity. What could be the problem?

 

Please and thank you for the help.

 

@Pstork1 @CNT @RandyHayes @WarrenBelz if either of you can help, I'd very much appreciate it. 

Categories:
Governance & administering
I have the same question (0)
  • Pstork1 Profile Picture
    Pstork1 68,707 Most Valuable Professional on at

    I'm not an authority on Model Drive apps, but I suspect the issue is with record ownership not permissions.  Review this article on how record ownership works with BU permissions.

    Security concepts in Microsoft Dataverse - Power Platform | Microsoft Docs

    I suspect you've given John permission to see the entities, but since they aren't owned by his BU he can't see them.  In your case I think you want the entities owned by the organization but john's permissions set by the BU.

  • NaCarns Profile Picture
    NaCarns 36 on at

    Thank you for the reply. So something weird happened: I gave John create and read access at the organization level for a custom entity and added read access for the Web Resource in the Customization tab, and John could see all entities but only access the ones I gave him permission to (he could create records but couldn't delete/modify/etc them). It worked for a while, then I updated the role (removed read access for Web Resource), and everything broke. I tried to revert everything back as it was when it was working, but it just broke permanently. We waited to see if it was a validation/update issue but it wasn't. 

     

    The concepts are clear but I really do not know why things aren't working.. 

  • ChrisPiasecki Profile Picture
    ChrisPiasecki 6,422 Most Valuable Professional on at

    Hi @NaCarns,

     

    Under the customizations tab, you'll want to give your users read access to many of those tables as they are required for built in behavior to work for a user. Web resources for example are required for navigation between pages etc.

     

    ---
    Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

  • Sid_Jafri Profile Picture
    Sid_Jafri 478 on at

    Hi @NaCarns 

     

    Does Parent BU have read only access to custom entity?

  • NaCarns Profile Picture
    NaCarns 36 on at

    Parent BU has complete access to everything. I think I figured out the problem; I had to clear the cache first, and turn on System Forms and Relationship in the Customization tab. Everything worked. I didn't think every component, like if two entities have a relationship together, has its own access permissions. 

     

    If I want to add Power BI reports/dashboards to my app, do I need to enable more permissions in the Customization tab?  

  • Sid_Jafri Profile Picture
    Sid_Jafri 478 on at

    Hi @NaCarns 

     

    Power BI dashboard is the embed dashboard and it doesn't require more permission in customization tab but I think your users should have access to Power BI workspace/report   

    Please Thumbs up and accept as solution if my post helped you solve your issue.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 717 Most Valuable Professional

#2
Michael E. Gernaey Profile Picture

Michael E. Gernaey 329 Super User 2025 Season 2

#3
Power Platform 1919 Profile Picture

Power Platform 1919 268

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans