2327179

Author: tapanm-MSFT

powerapps-docs/maker/TOC.yml

@@ -2281,8 +2281,6 @@
           href: ../teams/add-app-notifications.md
         - name: Enable consistent experience across sessions
           href: ../teams/consistent-experience-across-sessions.md
-        - name: Granting permission to tables in Dataverse for Teams
-          href: ../teams/dataverse-for-teams-table-permissions.md
     - name: Manage your apps
       href: ../teams/manage-your-apps.md
     - name: Set permission and share your app
@@ -2449,6 +2447,8 @@
               href: ../teams/localizing-sample-apps.md
             - name: Theming in sample apps 
               href: ../teams/sample-app-theming.md
+            - name: Working with table permission in sample apps
+              href: ../teams/dataverse-for-teams-table-permissions.md
         - name: FAQs for sample apps
           href: ../teams/sample-apps-faqs.md
     - name: Known issues and limitations

powerapps-docs/teams/dataverse-for-teams-table-permissions.md

@@ -22,7 +22,7 @@ For example, if you've an app with sensitive customer data, unauthorized access
 
 You may think "I'll just obscure access to sensitive data in my app!" However, if the underlying data source is shared with users, they can still get to the data, or build new apps on the data source, giving them access to the restricted records.
 
-One of the advantages of building Power Apps in Teams with Dataverse for Teams is that it provides the ability to set the table permissions to your specific business needs that map the security roles in Teams—such as Owners, Members, Guests and App Users.
+One of the advantages of building Power Apps in Teams with Dataverse for Teams is that it provides the ability to set the table permissions to your specific business needs that map the security roles in Teams—such as Owners, Members, Guests, and App Users.
 
 For example, if there's a table that the users should only be able to modify for the records that they own, Dataverse for Teams offers a table permission called **Collaborate** that gives users the ability to only edit records that they own. In this article, we'll review the table permissions in Dataverse for Teams, and learn about how you can use them to secure your important business applications.
 
@@ -34,9 +34,9 @@ For example, if there's a table that the users should only be able to modify for
 Permission to apps and the data that they use in Teams are based on the following roles in Teams team.
 
 - **Owner** - A team member with the owner role. This includes the creator of the team, and anyone who has been given the owner role by another users. Owners get full access to the data used in apps in the team.
-- **Member** - A team member who is not an owner. By default, team members get full access like owners, but you can also change the permission for team members. You might want to restrict members from being able to edit certain tables. For example, in the [Bulletins app for Teams](bulletins.md), if you wanted to have members be able to read the bulletins but not edit them, you could give team members **Reference** permission on the **Bulletins** table.
+- **Member** - A team member who isn't an owner. By default, team members get full access like owners, but you can also change the permission for team members. You might want to restrict members from being able to edit certain tables. For example, in the [Bulletins app for Teams](bulletins.md), if you wanted to have members be able to read the bulletins but not edit them, you could give team members **Reference** permission on the **Bulletins** table.
 - **Guest** - A guest is someone outside of your organization who is added to the team. By default, guests can create records, but not view records created by others.
-- **Colleagues with access**: With Power Apps for Teams, you can share an app with a Azure AD security group whose members need not be part of the Teams team where the app was built. This enables you to add users to the application without having to add them to the specific team, and opens up “Broad Distribution” scenarios. For example, you may want to build an app that is enabled for every accountant in the organization, or even every employee in that organization.
+- **Colleagues with access**: With Power Apps for Teams, you can share an app with Azure AD security group whose members need not be part of the Teams team where the app was built. This enables you to add users to the application without having to add them to the specific team, and opens up “Broad Distribution” scenarios. For example, you may want to build an app that is enabled for every accountant in the organization, or even every employee in that organization.
 
 ## Understanding table permissions
 
@@ -79,71 +79,57 @@ Let’s take a look at how table permissions work in practice. We'll create a ta
 
 1. Save and Publish the app. You'll need to select a channel in which the app will be displayed—select **+** next to the desired channel name to select the channel.
 
-## Granting permissions to the tables
+### Configure and verify table permissions
 
-We are going to set the permissions for the vehicles table for Team members:
+We're going to set the permissions for the vehicles table for Team members:
 
-1.  In Teams, open the **Power Apps** app. Right mouse click on the Power Apps icon in Teams and select **Pop out app**. This will pop out the app in a new window, so if you navigate somewhere else in Teams you won’t lose your changes.
-    
-2.  Select the **Build** tab.
+1. In Teams, open the **Power Apps** app. Right-click on the Power Apps icon in Teams, and select **Pop out app**. This will pop out the app in a new window, so if you move somewhere else in Teams, you won’t lose your changes.
 
-3.  Select the team that contains the Vehicle Manager app.
+1. Select the **Build** tab.
 
-4.  In the **Items created for…** area, select **See all**.
+1. Select the team that contains the Vehicle Manager app.
 
-5.  Select **Tables** from the solution components bar.
+1. In the **Items created for…** area, select **See all**.
 
-6.  Select the Vehicle table and then select **Manage permissions**.
+1. Select **Tables** from the solution components bar.
 
-7.  Select the **Member** node. The initial permission will show Full access. Select the permission **Private** and select **Save.**
-    
-    ![Manage table permissions](media/granting-permissions-to-tables-in-dataverse-for-teams/seeing-them-in-practice-3.png "Manage table permissions")
-
-Next, we will log in to Teams as a user who is a non owner Team member to
-observe their experience.
-
-1.  Log into Teams using a user who is a member of the team in which the app is installed.
-    
-2.  Select the channel where the app is installed.
-
-3.  Select the tab for the Vehicle Manager app.
-
-4.  The app should open for the user, but no records will show in the gallery, as the user only has visibility to their own records.
-    
-5.  Select **New record** to create a new vehicle record, select the check mark to save the record.
-    
-6.  You should now see one record in the gallery.
-
-Log out of Teams and log back in as the Team owner. We will now go to
-the table and see the created data.
-
-1.  Log in to Teams using using the Team owner personal.
+1. Select the Vehicle table and then select **Manage permissions**.
 
-2.  Right click on the Power Apps icon and pop out the app.
+1. Select the **Member** node. The initial permission will show Full access. Select the permission **Private** and select **Save**.
 
-3.  Select the **Build** tab.
+    ![Manage table permissions](media/granting-permissions-to-tables-in-dataverse-for-teams/seeing-them-in-practice-3.png "Manage table permissions")
 
-4.  Select the team in which the Vehicle Manager app is installed
+Next, we'll log in to Teams as a user who is a non-owner Team member to observe their experience.
 
-5.  Select the Vehicle table
+1. Log into Teams using a user who is a member of the team in which the app is installed.
+1. Select the channel where the app is installed.
+1. Select the tab for the Vehicle Manager app.
+1. The app should open for the user, but no records will show in the gallery, as the user only has visibility to their own records.
+1. Select **New record** to create a new vehicle record, select the check mark to save the record.
+1. You should now see one record in the gallery.
 
-6.  Select **Edit**.
+Log out of Teams and log back in as the Team owner. We'll now go to the table and see the created data.
 
-7.  You will now see two records in the Vehicle table, each with a different
-    owner.
+1. Log in to Teams using the Team owner personal.
+1. Right-click on the Power Apps icon and pop out the app.
+1. Select the **Build** tab.
+1. Select the team in which the Vehicle Manager app is installed
+1. Select the Vehicle table
+1. Select **Edit**.
+1. You'll now see two records in the Vehicle table, each with a different owner.
 
     ![View table records](media/granting-permissions-to-tables-in-dataverse-for-teams/seeing-them-in-practice-4.png "View table records")
 
-    So how would this apply to one of the Power Apps templates for Teams?
-    
-    For example, with Bulletins we might set the following permissions for the tables in the app:
+So how would this apply to one of the sample apps for Teams?
+
+For example, with Bulletins we might set the following permissions for the tables in the app:
 
 | Table                        | Permission  | Reason                                                                                                                      |
 |------------------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------|
 | Bulletin                     | Reference   | Users should read all bulletins, but not edit or create bulletins.                                                          |
 | Bulletin Bookmark            | Private     | Users should create their own bulletins, but not view or edit other users’ bookmarks.                                       |
 | Bulletin Category            | Reference   | Users should read all categories but not edit or create categories.                                                         |
-| Bulletin Category Preference | Private     | Users should create their own category preferences but should not be able to read or edit other users category preferences. |
+| Bulletin Category Preference | Private     | Users should create their own category preferences but shouldn't be able to read or edit other users category preferences. |
 | Bulletin Contact             | Reference   | Users should read all contact records but not create or edit contacts.                                                      |
 | Bulletin FAQ                 | Reference   | Users should read all FAQ records but not create or edit existing FAQ records.                                              |
 | Bulletin FAQ Category        | Reference   | Users should read all FAQ categories but not create or edit existing FAQ records                                            |
@@ -156,27 +142,19 @@ the table and see the created data.
 
 Before assigning permissions, you should plan your security based on the personas of users of your app. Who will administer the app? Who will use the app? How will they use it?
 
-For example, the Inspection Power apps template for Teams is designed to address the following personas:
+For example, the Inspection sample app for Teams is designed to address the following personas:
 
--   Inspection manager: creates Inspection forms and manages the list of locations or assets.
-    
--   Inspection reviewer: reviews inspection data and approves inspections.
-
--   Inspection User: completes inspections.
+- **Inspection manager** - Creates Inspection forms and manages the list of locations or assets.
+- **Inspection reviewer** - Reviews inspection data and approves inspections.
+- **Inspection User** - Completes the inspections.
 
 Once we have the personas defined, relate these personas to the team role to which they should be assigned:
 
--   Inspection manager: Since inspection managers will need full access to create inspection forms and other system table records, we will make them owners in the team.
-    
--   Inspection reviewer: Since inspection reviewers should be able to edit all inspections, but they will not create inspection forms, we will make them team members. This will enable us to give them reference access to the Area Inspection Checklist table (where inspection form data is stored), but full access to Area Inspection table (where inspection records are stored).
-    
--   Inspection user: Inspection users should only be able to submit new inspections, but not create new inspection forms or see other user’s inspections. So we will not make them members of the team in which the app is installed—we will share the app with them as colleagues, and give them Reference  permission to Area Inspection Checklist and Private permission to Area Inspection. This will allow users to view inspection forms and create their own inspection records.
-
-## Learn more:
-
-For more details on recommended table permissions for the Power App templates for Teams, see the following topics:
+- **Inspection manager** - Since inspection managers will need full access to create inspection forms and other system table records, we'll make them owners in the team.
+- **Inspection reviewer** - Since inspection reviewers should be able to edit all inspections, but they won't create inspection forms, we'll make them team members. This will enable us to give them reference access to the Area **Inspection Checklist** table (where inspection form data is stored), but full access to **Area Inspection** table (where inspection records are stored).
+- **Inspection user** - Inspection users should only be able to submit new inspections, but not create new inspection forms or see other user’s inspections. So we won't make them members of the team in which the app is installed—we'll share the app with them as colleagues, and give them **Reference** permission to **Area Inspection Checklist** and **Private** permission to **Area Inspection**. This will allow users to view inspection forms and create their own inspection records.
 
--   [Deploy Profile + as broad distibution app](deploy-profile-plus-broad-distribution.md)
+For more details about the recommended table permissions for the sample apps for Teams, see articles about deploying sample apps broadly, such as [Deploy Profile + as broad distribution app](deploy-profile-plus-broad-distribution.md).
 
 ### See also