Announcements
When I did a user report of the security roles I noticed that some users had the System Administrator security role assigned. I removed this role for each user because those users weren't eligible for that role.Some days later I noticed that the same thing happened to the same set of users so what I did was enable the Auditing for the security role entity and cleared their permissions.
Now that it happened again I checked the logs and saw that # CDSUserManagement is assigning the roles. Why is this happening and how can I stop this?
Regards
Hey Venjirai.
there are many reasons why this could be happening:
a) the tenant is using PIM and the affected users requested higher permissions (like Global Admin). As a result, this provides the uses that receive this higher Azure Role (Global Admin for example) with the System Administrator role on Dataverse.
b) Similar situation if the users have a higher role assigned in a permanent way (for example, Power Platform Administrator role in Azure)
The best advise would be to open a request to Microsoft for further investigation
Thanks for your reply, you led me to the right direction.
In Azure Active Directory I saw that those users had the role "Dynamics Administrator" assigned.
I removed those and I think this will have solved the problem.
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
Jump in, show your community spirit, and win prizes!
Expanding mentorship, skilling, and AI innovation
These are the community rock stars!
Stay up to date on forum activity by subscribing.
Hamza H 142 Super User 2026 Season 1
Nagaraju_Matta 128
11manish 121
