Restricting User Access to Entity in Model-Driven App (Dataverse)

(0) Share

Report

Posted on by CU18101045-0

I have a custom ticketing system in a model-driven app (Dataverse). Tickets can be raised by any person in the organization via a Power App. Users need to see both the tickets assigned to them ("raised on me") and the tickets they have raised ("raised by me"). To achieve this, we have granted users 'read' access to the organization and restricted their views by removing edit filters and the advanced find option. Despite this, users can still access all tickets from the backend. How can we further restrict this access, or is there any workaround?

Thank you

Categories:

Security

I have the same question (0)

All responses (1)

Answers (0)

Suggested answer

SaiRT14 1,990 Super User 2025 Season 2 on at

Like (0)

Report
Restricting User Access to Entity in Model-Driven App (Dataverse)

Best Practice is:

Security Roles & Hierarchy Modeling:

Security Roles: Modify the security roles assigned to users to have user-level access for the Ticket entity. Ensure that users have "Read" access only at the user level (rather than organization-level access), which limits them to viewing their own records.

Field-Level Security: If certain fields or data are sensitive, consider applying field-level security to restrict access to specific fields while allowing visibility of the ticket.

Hierarchical Security: If users need access to tickets raised by others within their reporting hierarchy, consider enabling hierarchical security to allow role-specific access without giving organization-wide visibility.

Assign users to the respective roles

Was this reply helpful? Yes No