In this blog, we’ll learn about the security role for Dataverse tables. We’ll discuss this in detail about –
- What is Security Role?
- How can we create and modify a Security Role?
- After creation, how could we assign it to a user or a team?
What is Security Role?
Security roles define how different users access different types of records. Dataverse uses security roles to provide access to end users.
How to create and modify a Security Role?
Note: You must be a System Administrator or a Global Administrator to create, modify and assign security roles.
1. Open make.powerapps.com and click on the gear 
icon in the top right corner and select Advanced Settings as shown in the picture below.
2. Now on the new screen, select the down icon 
beside settings and select security.
3. Select Security Roles
4. It will open a list of security roles. From this screen, we can modify the security roles. Click New
5. A popup will come. Now enter the details such as Role Name.
As you can see multiple tabs e.g., Sales, Service, Business Management, etc. so you can use these tabs if you are using these entities in Dynamics CRM but here, we shall use Dataverse entities which we can find in the last tab under Custom Entities.
- In No. 1, This is Record Level Privileges, Record-level privileges define which tasks a user with access to the record can do, such as Read, Create, Delete, Write, Assign, Share, Append, and Append To. Append means to attach another record, such as an activity or note, to a record. Append to means to be attached to a record. More information: Record-level privileges.
- In No. 2, The colored circles on the security role settings page define the access level for that privilege. Access levels determine how deep or high in the organizational business unit hierarchy the user can perform the specified privilege. The following table lists the levels of access in the app, starting with the level that gives users the most access.
| Icon | Description |
 | Global. This access level gives a user access to all records in the organization, regardless of the business unit hierarchical level that the environment or the user belongs to. Users who have Global access automatically have Deep, Local, and Basic access, also. Because this access level gives access to information throughout the organization, it should be restricted to match the organization’s data security plan. This level of access is usually reserved for managers with authority over the organization. The application refers to this access level as Organization. |
 | Deep. This access level gives a user access to records in the user’s business unit and all business units subordinate to the user’s business unit. Users who have Deep access automatically have Local and Basic access, also. Because this access level gives access to information throughout the business unit and subordinate business units, it should be restricted to match the organization’s data security plan. This level of access is usually reserved for managers with authority over the business units. The application refers to this access level as Parent: Child Business Units. |
 | Local. This access level gives a user access to records in the user’s business unit. Users who have Local access automatically have Basic access, also. Because this access level gives access to information throughout the business unit, it should be restricted to match the organization’s data security plan. This level of access is usually reserved for managers with authority over the business unit. The application refers to this access level as Business Unit. |
 | Basic. This access level gives a user access to records that the user owns, objects that are shared with the organization, objects that are shared with the user, and objects that are shared with a team that the user is a member of. This is the typical level of access for sales and service representatives. The application refers to this access level as a User. |
 | None. No access is allowed. |
For detailed information about access level: Security roles and privileges
6. Select the entities with what access level you want to give and click Save & Close on the top left corner to save the changes.
Now, we have created a security role. In the next step, we shall know how we can assign it to a user or a team.
How to assign a security role?
In this step, we shall see how we can assign a security role to Users and Teams.
A. Open make.powerapps.com and click on the gear icon in the top right corner and select Advanced Settings as shown in the picture below.
2. Now on the new screen, select the down icon beside settings and select security.
Assign Security role to Users
1. Now click on Users
Note: The users must have the Dataverse license to consume the security roles.
2. In the next screen, follow the below steps –
- Search for the user to whom you want to give access.
- Click on the checkbox in front of the user’s name.
- Click on Manage Roles to see/assign security roles to the user.
3. A popup will come, scroll to the security role which you created in the previous step and select it by checking the checkbox and clicking OK.
Assign a security role to Teams
This includes the same step as a user.
1. Select Teams
2. In the next screen, follow the below steps –
- Search for the team to whom you want to give access.
- Click on the checkbox in front of the Team’s name.
- Click on Manage Roles to see/assign security roles to the team.
3. A popup will come, scroll to the security role which you created in the previous step and select it by checking the checkbox and clicking OK.
Additional Microsoft Resources
Security roles and privileges – click here
Create or edit a security role to manage access – click here
Configure user security to resources in an environment – click here
Securing the app and data – click here
Conclusion
Well, this is the end of the post. Using the above demonstration, you can create a security role for your Dataverse tables and assign it to the users or the team.
Let me know if you have any queries or suggestions in the comment below or reach out to me at dipak@powersolution.dev. I’ll see you next time.