Hi all,
I'd like help with a security model design. I have a canvas application built with Dataverse as the back end. The application is used to create tickets for after-sales services.
There are 3 profiles:
- Shops: see only the tickets that they created
- Workshop 1 (Management): sees all tickets
- Workshops 2 and 3: see the tickets from any of the shops but only the tickets that concern them (can be determined by the status, but could be managed by the owner/team/BU of the line if there is a way to do this)
I know I can fulfill all of this in the canvas application with filters, but if possible, I would like to use security to restrict access too.
My first thoughts are to leave the shop as the owner of the lines and have their security privileges at user level. Workshop 1 will have organisation level. Is there any way I can manage workshop 2 and 3's access with security?
Happy to hear any thoughts.
Thanks
Hi @HFG ,
I was expecting you would implement through a Power Automate flow which could add or remove the members from the Access team. This would apply the appropriate security even though you are using a Canvas app as it is at the Dataverse level.
I would expect you could call the flow from your canvas app passing in the user to share with and it would assign the user to the access team and from that point they will have the security assigned.
Hi @dpoggemann ,
Thanks for your reply. It does look like access teams would work for this. However, looking at the information, I'm unsure if it can work within a canvas app. For example, I read that you have to customize the entity main form to include the new team template. Do you know if it can work if I am not using a model-driven app? If I carry out the steps on the main form will it activate the security anyway?
Also, do you know if there is a way to share a record from a canvas application? I have seen posts detailing how to do it through Power Automate but none for a canvas app. It would be great if I didn't have to run a flow every time a ticket is created/modified.
Thanks!
Hi @HFG ,
Management (Workshop 1): right, this can be done with a role allowing the users to view / edit / create / etc. based on an assigned security role.
Shops: This would be a security role assigned to the users with "User" level security for the ability to manage only their own records as required. Assumption here is the owner of the records will be the user that created them...
Workshops 2 & 3: Since the records will be owned by the "Shops" and these users will own the records, then we will need to handle the access to these records through something like "Access Teams". See details / links below on Access Teams....
Access Teams
Based on your business requirements above I would look at these options.