Applies to Product – Microsoft Dataverse
What’s happening?
Customers are seeking guidance on how to implement API calls to query security roles from Microsoft Entra and Dynamics 365, specifically to determine where users are inheriting permissions that allow them to delete items.
Reason:
The underlying cause of this is the customer's unfamiliarity with Microsoft Entra and the API calls required to retrieve security roles and privileges assigned to users in Dynamics 365.
Resolution:
To query existing security roles in Dynamics 365, the following API calls can be utilized:
- Use RetrieveAadUserRoles Function (for Azure AD users): This function retrieves the roles an Azure Active Directory (AAD) user has, either through direct assignment or via team memberships.
- Use RetrieveUserPrivileges Function (for system users): This is the most direct Web API function to retrieve all privileges a user has, including those inherited from team memberships.
- Use RetrieveAadUserPrivileges Function (for Azure AD users): If you're working with Azure AD identities, this function is more appropriate.
Customers can run these GET calls directly in their browser to retrieve the necessary information.
