The real issue with this is that ANY user could be in ANY role on ANY record. If John Doe is a Manager on record 001, he can't write to the Approver columns on record 001, but he can read from them. However, if he is an Approver on record 002, he can write only to the Approver columns and can only read from the remaining columns.
This means that Access Teams are not a solution as Column Security Profiles can't be assigned to Access Teams. Likewise, Owner Teams are not a solution as each record will need two Owner Teams and this functionality is not supported.
I'm beginning to think I'll need a custom plugin that will work off the Service Account and check the user's role assignment (Manager or Approver) in a related User-Record table. That way, the records could stay owned by the Service Account and security on Dataverse would be maintained.
Does this sound like the right direction to go or am I missing an easier solution?
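As an added example (not code from the original post), here is the shape such a plugin could take: a single Dataverse plugin class registered on Update (PreOperation, stage 20) to reject writes outside the caller's role, and on Retrieve/RetrieveMultiple (PostOperation, stage 40) to strip what the caller may not see. The table and column names (`new_request`, `new_requestmember`, `new_userid`, `new_requestid`, `new_role`, and the `new_mgr_`/`new_apr_` column prefixes) are assumptions for illustration, as is the policy that a user with no membership row on a record gets nothing back but its primary key.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;

// Added example, not code from the original post. Assumed schema:
//   new_request        - the protected record (owned by the service account)
//   new_requestmember  - the User-Record table: new_userid (lookup to systemuser),
//                        new_requestid (lookup to new_request), new_role (choice: 1 = Manager, 2 = Approver)
//   columns prefixed new_mgr_ are "Manager columns", columns prefixed new_apr_ are "Approver columns".
public class RoleColumnGatePlugin : IPlugin
{
    const string MemberEntity = "new_requestmember";
    const string PrimaryKey = "new_requestid";
    const int RoleManager = 1;
    const int RoleApprover = 2;

    public void Execute(IServiceProvider serviceProvider)
    {
        var context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
        var factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
        // null = run as SYSTEM, so the membership lookup does not depend on the caller's own privileges.
        IOrganizationService service = factory.CreateOrganizationService(null);
        Guid caller = context.InitiatingUserId;

        switch (context.MessageName)
        {
            case "Update":   // register at stage 20 (PreOperation) on new_request
                var target = (Entity)context.InputParameters["Target"];
                var role = LookupRole(service, caller, target.Id);
                var denied = target.Attributes.Keys.Where(col => !CanWrite(role, col)).ToList();
                if (denied.Count > 0)
                    throw new InvalidPluginExecutionException(
                        "Your role on this record does not permit writing: " + string.Join(", ", denied));
                break;

            case "Retrieve": // register at stage 40 (PostOperation) on new_request
                var entity = (Entity)context.OutputParameters["BusinessEntity"];
                Redact(entity, LookupRole(service, caller, entity.Id));
                break;

            case "RetrieveMultiple": // register at stage 40 (PostOperation) on new_request
                var results = (EntityCollection)context.OutputParameters["BusinessEntityCollection"];
                var roles = LookupRoles(service, caller, results.Entities.Select(e => e.Id));
                foreach (var e in results.Entities)
                    Redact(e, roles.TryGetValue(e.Id, out var r) ? r : (int?)null);
                break;
        }
    }

    // Manager writes only Manager columns, Approver only Approver columns; the primary key is
    // always allowed so the Update can be addressed. Anything else (including no role) is denied.
    static bool CanWrite(int? role, string column)
    {
        if (column == PrimaryKey) return true;
        if (role == RoleManager) return column.StartsWith("new_mgr_", StringComparison.Ordinal);
        if (role == RoleApprover) return column.StartsWith("new_apr_", StringComparison.Ordinal);
        return false;
    }

    // Per the scenario both roles may read every column; a caller with no membership row on the
    // record is left with only the primary key (assumption: treat "no membership" as "no read").
    static void Redact(Entity entity, int? role)
    {
        if (role == RoleManager || role == RoleApprover) return;
        foreach (var col in entity.Attributes.Keys.Where(c => c != PrimaryKey).ToList())
            entity.Attributes.Remove(col);
    }

    static int? LookupRole(IOrganizationService svc, Guid userId, Guid recordId)
    {
        var roles = LookupRoles(svc, userId, new[] { recordId });
        return roles.TryGetValue(recordId, out var r) ? r : (int?)null;
    }

    // One membership query for a whole page of results instead of one query per row.
    static Dictionary<Guid, int> LookupRoles(IOrganizationService svc, Guid userId, IEnumerable<Guid> recordIds)
    {
        var map = new Dictionary<Guid, int>();
        var ids = recordIds.Cast<object>().ToArray();
        if (ids.Length == 0) return map;
        var q = new QueryExpression(MemberEntity) { ColumnSet = new ColumnSet(PrimaryKey, "new_role") };
        q.Criteria.AddCondition("new_userid", ConditionOperator.Equal, userId);
        q.Criteria.AddCondition(PrimaryKey, ConditionOperator.In, ids);
        foreach (var m in svc.RetrieveMultiple(q).Entities)
        {
            var rec = m.GetAttributeValue<EntityReference>(PrimaryKey);
            var role = m.GetAttributeValue<OptionSetValue>("new_role");
            if (rec != null && role != null) map[rec.Id] = role.Value;
        }
        return map;
    }
}
```

Two points worth checking before relying on this: redacting attributes in the RetrieveMultiple post-stage (rather than removing rows) keeps the collection's paging cookie and counts consistent, and the write check only fires for the messages the step is registered on, so Create and any custom actions that touch the Manager/Approver columns need their own steps or they bypass it.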