Security roles assigned automatically by system

(0) Share

Report

Posted on by Venjirai

When I did a user report of the security roles I noticed that some users had the System Administrator security role assigned.
I removed this role for each user because those users weren't eligible for that role.
Some days later I noticed that the same thing happened to the same set of users so what I did was enable the Auditing for the security role entity and cleared their permissions.

Now that it happened again I checked the logs and saw that # CDSUserManagement is assigning the roles. Why is this happening and how can I stop this?

Regards

All responses (2)

Answers (0)

Venjirai 13 on at

Like (0)

Report

RE: Security roles assigned automatically by system

Thanks for your reply, you led me to the right direction.

In Azure Active Directory I saw that those users had the role "Dynamics Administrator" assigned.

I removed those and I think this will have solved the problem.
Suggested answer

PerezAguiar on at

Like (0)

Report

RE: Security roles assigned automatically by system

Hey Venjirai.

there are many reasons why this could be happening:

a) the tenant is using PIM and the affected users requested higher permissions (like Global Admin). As a result, this provides the uses that receive this higher Azure Role (Global Admin for example) with the System Administrator role on Dataverse.

b) Similar situation if the users have a higher role assigned in a permanent way (for example, Power Platform Administrator role in Azure)

The best advise would be to open a request to Microsoft for further investigation

Regards