Hi all,
I am trying to replace our current security setup and use Azure AD groups to provide access to a Model Driven App and data in Dataverse. I am seeing some very strange behaviour and need your help.
The current setup is as follows:
Root BU with two sub business units
Security roles which give access to the data at BU unit level
Users are in one of the sub BUs and assigned a security role directly
This allows us to manage the access to the tables through the security role and access to the data through the BU.
What we would like to do is use Azure AD groups to assign the security role so that we don't need to assign a role to each person individually. This is the current test model:
Root BU with two sub business units
Azure AD group(s) which are in the root BU and each have a role attached. The role has Direct User/Basic access level and Team privileges
User is in a sub BU and has no individual role attached to them
This is the strange behaviour I am seeing:
When user access is given to a table, the user sees only records that they own - correct
When organisation level is given the user sees all records - correct
However, when BU level is given, the user doesn't see anything! (Why would they lose access to their own records when a higher access level has been given?!)
When the security role with BU level access is assigned directly to the user, we see the desired effect: the user has access to the table, but only the records for their BU.
Can anyone shed any light on what is going on? It would be hugely appreciated!
 
		
