Column-Level Security - What is that?
If you are new to working on projects with Dataverse, this could be a bit overwhelming. But don't worry, we will figure this out.
Security in Dataverse 101
Dataverse uses role-based security, in which a security role groups a collection of privileges. You can then assign these security roles to users, teams, or business units. Please keep in mind that when multiple roles accumulate on a user, team, or business unit, the greatest amount of access prevails. For example, if you have given organization-level read access to table X, then we can't go and hide individual rows in that table.
Another important security feature in Dataverse is Business units. These help in defining a security boundary. By default, every database has a single root business unit. Business units are one of the building blocks that help in managing users and the data they can access. We can also create child business units, which would further help us compartmentalize separate groups.
If we dig a bit deeper, we come to the concept of table/record ownership. Within Dataverse, a record can be either Organization owned or User/Team owned. Please keep in mind that this is a choice we must make when the table is created, and it can't be changed later. The name "organization owned" speaks for itself: the user can either perform some operation on the record or not. When it comes to User/Team owned, the access level is tiered from organization to business unit to child business unit to individual user.
You might also be wondering what or who determines access to a record. The answer can get complex, as it is a combination of security roles, business unit (and child business units, if applicable), teams, and the records shared with them. Again, the basic principle here is that access to records is cumulative.
I know this is a lot of information, and we haven't even gotten to column security. But this also gives you an idea of how you can build complex security models within Dataverse.
Now let's get to the bottom of the sea, and here we see the column level security.
Column-Level - The why?
But why would you want to implement such a granular level security for a record?
I have a scenario where it might be useful. I am an avid climber/boulderer, and I know that when you go to a new gym you must register yourself in their system. Now, only the owner of the gym has access to this table. But let's say someone is unfortunately injured and an employee needs to call this individual's emergency contact number, but can't find it because they don't have access to this table. As the owner, I don't want to give the employees access to all the information about the climber; I only want to show them specific fields.
Column-Level - The how?
How are we going to give access to fields for the employees?
We can pick an existing table and select an existing column or create a new column, and when we select the advanced options, there we see the check-box to enable column security.
Is that all? No, not yet. We still need to configure it. Let's first go to advanced settings.
And now if we click the arrow next to settings, we see the security option.
And once we are on the security screen, we see the features that we want to work with. We want to work with the Field Security Profiles.
We want to create a new field security profile.
Before we can add teams or users, we first need to save it. Once we have added the members/teams, then we move on to the field permissions. Here we see the field/column for which we checked the check-box to enable column-level security.
We can select the field and click edit. And in our case, we want the employees to have the ability to read the number. So, we go ahead and change the Allow Read option to yes.
Now, we can use this field in the app to show the employees the emergency contact information. We can also implement this for multiple columns.
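The evaluation described above, as a simplified Python model added here (not Dataverse code and not part of the original article): enabling column security hides a column from everyone except members of a Field Security Profile that allows read, while the employee still needs read privilege on the table through a security role. The table, columns, roles, profile and users are constructed for the gym scenario, and team membership is left out to keep the model small.

```python
# Simplified model of how table privileges and column security combine.
# Added illustration; every name and value below is constructed.
from dataclasses import dataclass, field

# Columns of the (hypothetical) climber table with column security enabled.
SECURED_COLUMNS = {"emergency_contact_phone", "medical_notes"}
# Security roles that carry a read privilege on the climber table.
ROLES_WITH_TABLE_READ = {"Gym Owner", "Gym Employee"}

@dataclass
class Profile:
    """Stand-in for a Field Security Profile: members plus per-column Allow Read."""
    name: str
    members: set
    allow_read: set = field(default_factory=set)

@dataclass
class User:
    name: str
    roles: set
    is_sysadmin: bool = False

def readable_columns(user, profiles):
    """Union of secured columns that any of the user's profiles allows reading."""
    granted = set()
    for p in profiles:
        if user.name in p.members:
            granted |= p.allow_read  # access is cumulative across profiles
    return granted

def view_record(user, record, profiles):
    """Return the record as the user would see it, or None without table read."""
    if not (user.roles & ROLES_WITH_TABLE_READ):
        return None  # a profile alone never grants access to the table
    if user.is_sysadmin:
        return dict(record)  # administrators can read every secured column
    granted = readable_columns(user, profiles)
    return {col: (val if col not in SECURED_COLUMNS or col in granted else None)
            for col, val in record.items()}

# Constructed sample data for the gym scenario.
RECORD = {"name": "Sam Climber", "emergency_contact_phone": "555-0100",
          "medical_notes": "asthma"}
PROFILES = [Profile("Emergency Contact Readers", {"erin"}, {"emergency_contact_phone"})]
OWNER = User("olga", {"Gym Owner"}, is_sysadmin=True)
EMPLOYEE = User("erin", {"Gym Employee"})
VISITOR = User("vic", set())

if __name__ == "__main__":
    for u in (OWNER, EMPLOYEE, VISITOR):
        print(u.name, view_record(u, RECORD, PROFILES))
```

In this model any column that is not secured, such as the name, stays visible to everyone with table read, so each sensitive column has to be secured individually.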
I hope this gave you an idea of how you can implement column-level security for your Dataverse projects.
I have barely scratched the surface when it comes to Dataverse. But if you want to dive deep, please refer to the link below. They have exhaustive documentation about security in Dataverse.
From manual chaos to secure AI-driven automations.
(1 year ago) Nice Job Ashwin Ganesh Kumar, helpful for a lot of use cases!
Senior Power Platform Consultant | Co-Host of Sprint Zero Podcast
(1 year ago) Thanks for the article Ashwin Ganesh Kumar, security in Dataverse is sometimes a daunting subject for those starting out and this article goes a long way to help others understand some of the concepts around Org/Business Unit/Team/User roles, Record ownership and most importantly, column level security.
Microsoft Cloud Developer Advocate 10 x Microsoft MVP #PowerPlatform #ProCodeNoCodeUnite
(1 year ago) As you say in the article ‘the answer could get complex’ - but you’ve done a great job of digging into this complex subject! Keep the posts coming
6 x Microsoft MVP, Power Platform Specialist, Trainer, and Coach | Cohost of Power Platform BOOST podcast | Team Canada Powerlifting
(1 year ago) Great article on one of the many hidden/forgotten features of Dataverse! Keep ‘em coming!
Looking for a job
(1 year ago) A SharePoint killer feature.