Row level security on entity

(0) Share

Report

Posted on by Dexter_Oz

I have got a scenario so break it down to simple is i will consider two companies , three employees

Company A: employee 1

Company B: employee 2

Employee 3 : few records of company A and few records company B.

First two point where Company A and has associated employee 1 and sees all the records associated and similar for company b and emp 2

Now Emp three should be only allowed to limited records in company A and limited records in company B.

In actual scenario there would be more than 100 companies and multiple employees like emp 3 who will have records across companies.

Table 1

row	Company	Employee access linked to company	Empolyee 3 access allowed or not
row1	CompanyA	emp1	No
row2	CompanyA	emp1	Yes
row3	CompanyA	emp1	No
row4	CompanyA	emp1	Yes

Table 2

row	Company	Employee access linked to company	Empolyee 3 access allowed or not
row1	CompanyB	emp2	No
row2	CompanyB	emp2	Yes
row3	CompanyB	emp2	No
row4	CompanyB	emp2	Yes

Now what is the best to implement this using security roles , teams , BU. Please suggest.

Categories:

Microsoft Dataverse with Power Apps

I have the same question (0)

All responses (3)

Answers (0)

Anton_Dali_UKR 75 on at

Like (1)

Report

A lot of various solutions may be done depends on how Business Unit structure is set. Initial description has a lack of understanding what business flow looks like. Another problem that we don't know who or what must determine a moment when record must be visible for Employee 3.
However, on the top of those suggestions there is a place for thinking about Share operation.
As you should know, this valuable feature to share record with users based on security role permissions is located on the ribbon. By default, users are able to use it manually but creating custom action may easily retranslate it for automatization. Custom action or custom step can be used in workflow. Workflow will have a trigger and gives you an ability to manipulate sharing process behind the scene. Finally, when all required steps will be done, this empower your security settings. The only maintenance may looks more complex than ever.

Of course you also can segregate your users from existing Business Units by adding them into few custom teams prepared for this purpose. Still, due to the lack of clarity how works your system I'm not sure this is proper recommendation

Was this reply helpful? Yes No
Drew Poggemann 9,287 Most Valuable Professional on at

Like (1)

Report

Hi @Dexter_Oz

Please look at Access Teams for row level security. See details here... https://learn.microsoft.com/en-us/dynamics365/mixed-reality/guides/admin-access-teams and another good article by Neil Parkhurst (https://neilparkhurst.com/2021/10/31/view-records-owned-by-an-access-team/)

There are also a number of posts around access teams in the Power Apps community as this is a common topic...

Was this reply helpful? Yes No
Dexter_Oz 85 on at

Like (0)

Report

thanks @Anton_Dali_UKR for reply.
"Business Unit structure is set." : Structure is not set up yet, we are in design phase at the moment

"we don't know who or what must determine a moment when record must be visible for Employee 3." Consider it as super user will manage from each BU ( minimum 3 level under root BU ) employee iteration is when it triggers the change.

"Share operation." I was thinking about this but long run how managable is about this. Would this be better from creating Teams /BU .

Workflow: can you please share some example on this or custom action

Was this reply helpful? Yes No