Skip to main content

Notifications

Announcements

No record found.

Microsoft Dynamics 365 | Integration, Dataverse...
Suggested answer

Best Practice Question: Assign Security Roles to Users or Teams?

Posted on by 59

Hello all,

what are the pros and cons of assigning a security role either directly to a user or to a team?

From what I see assigning a security role to a team and then adding users to that team makes it easier to directly see which group of people have a certain security role. However, in the documentation I can only find guides that talk about directly assigning security roles to users and MS even states:

"While teams provide access to a group of users, you must still associate individual users with security roles that grant the privileges they need to create, update, or delete user-owned records. These privileges cannot be applied by assigning security roles to a team and then adding the user to that team." (Use access teams and owner teams to collaborate and share information (Developer Guide for Dynamics 365 Customer Engagement (on-premises)) | Microsoft Learn)

Do I understand correctly that if I want to configure security roles that allow a user to only edit his/her contacts I need to assign the role directly to the user? What would happen if I assign the role to a team the user is in. Will all team members be able to edit his/her contacts? If I assign security roles to users how do I find out which users have a certain security role?

Thanks

  • Suggested answer
    PerezAguiar Profile Picture
    PerezAguiar on at
    RE: Best Practice Question: Assign Security Roles to Users or Teams?

    Hey.

    First: that link you're pasting is about OnPrem.  The version for Online would be https://learn.microsoft.com/en-us/power-platform/admin/manage-teams  

    Second, this talks about 2 types of Teams:  Owner, Access and AzureAD Team (which is an Owner team associated to an AzureAD SecGroup).  It's important to know the difference between owner (responsible for the record) and Access (have access to records because it has been shared with them).  Security Roles should be assigned to Owner groups.

    Regards,

  • Suggested answer
    Haig Liu Profile Picture
    Haig Liu Microsoft Employee on at
    RE: Best Practice Question: Assign Security Roles to Users or Teams?

    Hi Nicolas Krauter,

    Another point is mentioned below this document:

    A user must have sufficient privileges to join an access team. For example, if the access team has the Delete access right on an account, the user must have the Delete privilege on the Account entity to join the team. If you’re trying to add a user with insufficient privileges, you’ll see this error message: “You can’t add the user to the access team because the user doesn’t have sufficient privileges on the entity.”

    When assigning security roles we can customize a specific security role to be assigned to the same class of users.

    Please follow the steps below to see which users have been assigned to this security role:

    1.Open power apps and click on the nine dots in the upper left corner -> select admin: 

    pastedimage1686103652878v3.png

    2.Open Power Platform admin center -> select the Environment you want to lookup -> Click on see all Security Roles on the right:

    pastedimage1686103936515v5.png

    3.select the role -> click member button

    pastedimage1686104035572v6.png

    4.All users who have been assigned this security role are here:

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,269 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,198 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Product updates

Dynamics 365 release plans