Hi all,
I'd ideally like to have a multi-app environment where different app development projects have distinct access to their apps and Dataverse tables. I'm looking to achieve this via custom security roles that only have tailored access to given custom tables that the app uses, depending on the user's role. I'd like the app owner to manage the teams that inherit these security roles so users can be easily managed without environment admin intervention (e.g. adding a new user to a team).
I don't want the "app admin" to have broader powers within the environment aside from app ownership and managing team members - is this achievable?
Thanks Alberto, I'll take a look at the video! 👍
Hi,
If I understand your requirement correctly, it's possible.
- If you grant some users access to specified Dataverse tables, you can create a custom security role with this specified access.
Best practice: make the custom security role a copy of the existing role "App Owner".
- After this, you can create a Security Team that is able to link this custom security role with a Security Group in Azure AAD.
- Configure this AAD group as a child of the Security Group of the environment.
- Configure the app owner as Owner of this Security Group.
With all this, if the owner of the application shares it with the group, it is ensured that all users already have access to the necessary Dataverse tables.
Besides, as he is the owner of the AAD group, he can add or remove users in the group without depending on an admin.
Video: https://www.microsoft.com/en-us/videoplayer/embed/RWJBr8
-------------------------------------------------------------------------
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
Regards
Alberto