Hi All,
Background:
Our client is using dynamics, and is currently in the middle of importing in large volumes of sensitive data from their legacy CRM systems into their dynamics environment (mostly Contacts data).
During a recent review of security levels for these datasets they discovered that the Dataverse for both their Sandbox and Production environments were fully accessible via Excel via the Data > Get Data > from Power Platform menu dropdown capability.
Impact of this issue:
This is a massive security concern for our client as users within their dynamics environment (who have restricted security roles and views via the front-end of dynamics) can potentially go in via Excel and pull data from their dynamics environment which they don't have permission for. I had initially thought that each user's login credentials would still be tied to the security roles they're assigned while logged into dynamics, however this appears to not be the case.
Question:
Has anyone come across this before and is this a known flaw in security of data in dynamics?
Is there a way to force Excel users to only be able to view/access data which they have the requisite permission in their Dynamics environment?
Thanks
33
Share
Report
All responses (
Answers (
