Adventures with Dataverse: Teams and Security Roles

Posted on by mattruma

I have a sample application that consists of two tables, Forms and Form Types and a Model-Driven Application called Forms Model App.

Figure 1 – Model-Driven app

Currently I have three Form Types:

  • Form Type A
  • Form Type B
  • Form Type C

When creating a Form you have to assign a Form Type.

I had a new requirement come up.

I wanted to allow certain people to have access to edit certain Forms based on the Form Type.

After giving this some thought 💭, I think I came up with a good solution that I will share with you.

Create Security Role for Forms User

I navigated to the Power Platform Admin Center and created a Security Role called Forms User in the environment where my solution lives.

Figure 2 – Create new security role

I made sure to set Include App Opener for running Model-Driven apps to On.

I gave the Security Role the appropriate permissions to access the Forms and Form Types tables.

Figure 3 – Set table permissions

🫵Notice I gave the Forms table mostly User permissions, meaning the user would only be able to do the action on records they owned.

I then added the Security Role to the solution.

Create Teams

I then navigated back to my environment in Power Platform Admin Center and under Settings clicked Teams.

I added three teams, one for each form: Form Type A Team, Form Type B Team and Form Type C Team.

I added the Security Role for Forms User to each.

Figure 4 – Add security role

I then added Demo User to Form Type A Team and Form Type C Team.

Figure 5 – Add user

Create Flow to Update Owner

In order for this to work correctly, I need to change the Owner of the Form to the correct Team based on the Form Type.

The flow sets the Owner of the Form to the Owner of the Form Type.

Figure 6 – Flow to update owner

I set the Owner of each of the Form Types to the respective team:

For the Form Type named Form Type A, I set the Owner to Form Type A Team. I repeated for Form Type B and Form Type C, respectively.

What happens when the flow runs⚙️?

It looks at the Owner of the Form Type assigned to the Form, and makes that the Owner of the Form, in this case, it will always be a Team.

Test the Application and Security

Now I’m ready to test🧪 my application.

From the app maker side of things, where I have the appropriate permissions, I created several Forms of different Form Types.

Figure 7 – Add forms

I now log 🔒 in as my Demo User.

As expected, I only see Forms that are of Form Type A and Form Type C.

Figure 8 – Security roles and teams in action

I think it took me longer to think about how to do this, than actually do it!

If there is a better way, please share! 🙂

Check out the solution for yourself at FormsSolution_1_0_0_1.zip.

Don’t forget to setup the Teams in the Power Platform Admin Center for your environment.

Leave a Reply

Your email address will not be published. Required fields are marked *