title: Granting permission to tables in Dataverse for Teams | Microsoft Docs
3
-
description: Explains how to manage table permissions in Dataverse for Teams.
2
+
title: Granting permission to tables in Dataverse for Microsoft Teams | Microsoft Docs
3
+
description: Learn about managing table permissions in Dataverse for Teams while building apps.
4
4
author: joel-lindstrom
5
5
ms.service: powerapps
6
6
ms.topic: conceptual
7
7
ms.custom:
8
-
ms.date: 03/11/2020
9
-
ms.author: v-ljoel
8
+
ms.date: 08/19/2021
9
+
ms.author: namarwah
10
10
ms.reviewer: tapanm-msft
11
11
contributors:
12
-
- tapanm-msft
13
-
- navjotm
14
-
- joel-lindstrom
12
+
- tapanm-msft
13
+
- navjotm
14
+
- joel-lindstrom
15
15
---
16
16
17
-
# Granting permission to tables in Dataverse for Teams
17
+
# Granting permission to tables in Dataverse for Microsoft Teams
18
18
19
-
When building Power Apps, one important consideration is data security. Your apps drive important business processes, and if users can see sensitive data or delete records for which they should not have access, it can disrupt your business.
19
+
When building Power Apps, one important consideration is data security. Your apps drive important business processes, and if users can see sensitive data or delete records that they shouldn't have access to, it can disrupt your business.
20
20
21
-
For example, if you have an app with sensitive customer data, unauthorized access to the data could put your company at risk of compliance with privacy laws.
21
+
For example, if you've an app with sensitive customer data, unauthorized access to the data could put your company at risk of compliance with privacy laws.
22
22
23
-
You may think "I will just obscure access to sensitive data in my app." However, if the underlying data source is shared with users, they can still get to the data, or build new apps on the data source, giving them access to the restricted records.
23
+
You may think "I'll just obscure access to sensitive data in my app!" However, if the underlying data source is shared with users, they can still get to the data, or build new apps on the data source, giving them access to the restricted records.
24
24
25
-
One of the advantages of building Power Apps in Teams with Dataverse for Teams is that it provides the ability to set the table permissions to your specific business needs that map the security roles in Teams - such as Owners, Members, Guests and App Users
25
+
One of the advantages of building Power Apps in Teams with Dataverse for Teams is that it provides the ability to set the table permissions to your specific business needs that map the security roles in Teams—such as Owners, Members, Guests and App Users.
26
26
27
-
For example, if you have a table for which users should only be able to modify records that they own, Dataverse for Teams offers a table permission called **Collaborate** that gives users the ability to only edit records for which they are the record owner. In this topic, we will review table permissions in Dataverse for Teams and how you can use them to secure your important business applications.
27
+
For example, if there's a table that the users should only be able to modify for the records that they own, Dataverse for Teams offers a table permission called **Collaborate** that gives users the ability to only edit records that they own. In this article, we'll review the table permissions in Dataverse for Teams, and learn about how you can use them to secure your important business applications.
28
28
29
-
Note that as of the time of this video, only team owners have the ability to edit table permissions.
29
+
> [!NOTE]
30
+
> Only team owners have the ability to edit table permissions currently.
30
31
31
32
## Understanding team roles
32
33
33
-
Permission to apps and the data that they use in Microsoft Teams are based on the role that the user has in the team. The following are the roles that a user can have in a team:
34
+
Permission to apps and the data that they use in Teams are based on the following roles in Teams team.
34
35
35
-
- Owner: a team member with the owner role. This includes the creator of the team and anyone who has been given the owner role by another users. Owners get full access to the data used in apps in the team.
36
-
37
-
- Member: a team member who is not an owner. By default, team members get full access like owners, but you can also change the permission for team members. You might want to restrict members from being able to edit certain tables. For example, in the [Bulletins app for Microsoft Teams](bulletins.md), if you wanted to have members be able to read Bulletins but not edit them, you could give team members **Reference** permission on the Bulletins table.
38
-
39
-
- Guest: a guest is someone outside of your organization who is added to the team. By default, guests can create records, but not view records created by others.
40
-
41
-
- Colleagues with access: With Power Apps for Microsoft Teams, you can share an app with a AAD security group whose members need not be part of the Teams team where the app was built. This enables you to add users to the application without having to add them to the specific Teams team and opens up “Broad Distribution” scenarios. For example, you may want to build an app that is enabled for every accountant in the organization, or even every employee in that organization.
36
+
-**Owner** - A team member with the owner role. This includes the creator of the team, and anyone who has been given the owner role by another users. Owners get full access to the data used in apps in the team.
37
+
-**Member** - A team member who is not an owner. By default, team members get full access like owners, but you can also change the permission for team members. You might want to restrict members from being able to edit certain tables. For example, in the [Bulletins app for Teams](bulletins.md), if you wanted to have members be able to read the bulletins but not edit them, you could give team members **Reference** permission on the **Bulletins** table.
38
+
-**Guest** - A guest is someone outside of your organization who is added to the team. By default, guests can create records, but not view records created by others.
39
+
-**Colleagues with access**: With Power Apps for Teams, you can share an app with a Azure AD security group whose members need not be part of the Teams team where the app was built. This enables you to add users to the application without having to add them to the specific team, and opens up “Broad Distribution” scenarios. For example, you may want to build an app that is enabled for every accountant in the organization, or even every employee in that organization.
42
40
43
41
## Understanding table permissions
44
42
45
43
When assigning security to a table, the following are the permissions that you can assign:
46
44
47
-
- Full Access – Allows end users to see and edit all records in the table.
48
-
49
-
- Collaborate – Allows end users to see all records and create new records. But they can only edit or delete their own records. An example for when you want to use collaborate is 'up votes' in the Ideas app or the Perspectives app. You want each user of the app to view the upvotes of other users. But they should not be able tor change the votes for any users other than their own.
50
-
51
-
- Reference – Provides a read-only view of data. Users cannot create, edit, or delete any records. An example is in Bulletins, if you want users to read Bulletin records but not edit Bulletins, you would give them reference privilege on the Bulletin table.
52
-
53
-
- Private – Users can create new records. Additionally, they can view, edit, or delete their own records only. An example is in issue reporting if you want users to only be able to create and see their own issue records in Dataverse, you would give them private privilege on the issue report table.
54
-
55
-
## Seeing them in practice
56
-
57
-
Let’s take a look at how table permissions work in practice. We will create a table and then show what two different users see.
58
-
59
-
NOTE: To complete this part of the lesson you will need an environment with two user logins, with one of them having the Team owner role and another with Team member (a member of the Team but not granted owner role)
60
-
61
-
1. Log in to Microsoft Teams as the Team owner.
45
+
-**Full Access** – Allows end users to see and edit all records in the table.
46
+
-**Collaborate** – Allows end users to see all records and create new records. But they can only edit or delete their own records. An example for when you want to use collaborate is "up votes" in the Ideas the Perspectives app. You want each user of the app to view the up-votes of other users. But they shouldn't be able tor change the votes for any users other than their own.
47
+
-**Reference** – Provides a read-only view of data. Users can't create, edit, or delete any records. An example is in Bulletins app—if you want users to read bulletin records but not edit them, you'd give them **Reference** permission on the **Bulletin** table.
48
+
-**Private** – Users can create new records. Additionally, they can view, edit, or delete their own records only. An example is in the Issue reporting app—if you want users to only be able to create and see their own issue records in Dataverse, you'd give them **Private** permission on the **Issue Report** table.
62
49
63
-
2. Create an app and table in Team with a Dataverse for Teams database:
50
+
## Table permissions in real-world scenario
64
51
65
-
1. Right click on the Power Apps icon and pop out the app.
52
+
Let’s take a look at how table permissions work in practice. We'll create a table, and then show what two different users see.
66
53
67
-
2. Create a new app
54
+
> [!NOTE]
55
+
> To complete this part of the lesson, you'll need an environment with two user logins. One of them having the team owner role and another with team member (a member of the team but not granted owner role)
68
56
69
-
3. App name: Vehicle Manager
57
+
1. Sign in to Teams as the Team owner.
58
+
1. Create an app and the table in team with a Dataverse for Teams database.
59
+
1. Right-click on the Power Apps icon and pop out the app.
60
+
1. Create a new app.
61
+
1. App name: "Vehicle Manager"
62
+
1. Select **Create new table** and name it "Vehicle".
1. Select the area outside of the table definition screen to return to the app.
80
79
81
-
Your table should now look like this:
80
+
1. Save and Publish the app. You'll need to select a channel in which the app will be displayed—select **+** next to the desired channel name to select the channel.
c. The owner field of the created record will reflect your logged-in user
92
-
account.
93
-
94
-
2. Select the area outside of the table definition screen to return to the app.
95
-
96
-
3. Save and Publish the app. You will need to select a channel in which the app will be displayed—select the **+** next to the desired channel name to select the channel.
97
-
98
-
## Granting Permissions to the tables
82
+
## Granting permissions to the tables
99
83
100
84
We are going to set the permissions for the vehicles table for Team members:
101
85
102
-
1. In Microsoft Teams, open the **Power Apps** app. Right mouse click on the Power Apps icon in Microsoft Teams and select **Pop out app**. This will pop out the app in a new window, so if you navigate somewhere else in Teams you won’t lose your changes.
86
+
1. In Teams, open the **Power Apps** app. Right mouse click on the Power Apps icon in Teams and select **Pop out app**. This will pop out the app in a new window, so if you navigate somewhere else in Teams you won’t lose your changes.
103
87
104
88
2. Select the **Build** tab.
105
89
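Review bot: The added bullets in the team roles and table permissions lists begin with `-**Owner**`, `-**Member**`, `-**Full Access**` and so on, with no space after the hyphen, so Markdown will not render them as list items and the role and permission definitions will collapse into running text; write `- **Owner**` etc. In the same lists, the **Collaborate** bullet lost words in the rewrite ("in the Ideas the Perspectives app" was "in the Ideas app or the Perspectives app") and still carries "tor change", the last role bullet uses a colon after the bold name where the other three use a hyphen, and "a Azure AD" should be "an Azure AD". In the introduction, "at risk of compliance with privacy laws" reads as the opposite of what is meant ("non-compliance"), and "if you've an app" reads better as the original "if you have an app".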
@@ -130,10 +114,10 @@ observe their experience.
130
114
131
115
6. You should now see one record in the gallery.
132
116
133
-
Log out of Microsoft Teams and log back in as the Team owner. We will now go to
117
+
Log out of Teams and log back in as the Team owner. We will now go to
134
118
the table and see the created data.
135
119
136
-
1. Log in to Microsoft Teams using using the Team owner personal.
120
+
1. Log in to Teams using using the Team owner personal.
137
121
138
122
2. Right click on the Power Apps icon and pop out the app.
139
123
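Review bot: The rewritten step 1 under "the table and see the created data" keeps the doubled word and the wrong noun from the old line: "Log in to Teams using using the Team owner personal." Drop the second "using" and replace "personal" with the intended word (likely "persona" or "account"). This hunk also leaves "Log out of Teams and log back in" and "Log in to Teams" as they were, while the earlier step in this change was moved to "Sign in to Teams as the Team owner"; use the same "sign in/sign out" wording throughout.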
@@ -150,7 +134,7 @@ the table and see the created data.
So how would this apply to one of the Power Apps templates for Microsoft Teams?
137
+
So how would this apply to one of the Power Apps templates for Teams?
154
138
155
139
For example, with Bulletins we might set the following permissions for the tables in the app:
156
140
@@ -172,7 +156,7 @@ the table and see the created data.
172
156
173
157
Before assigning permissions, you should plan your security based on the personas of users of your app. Who will administer the app? Who will use the app? How will they use it?
174
158
175
-
For example, the Inspection Power apps template for Microsoft Teams is designed to address the following personas:
159
+
For example, the Inspection Power apps template for Teams is designed to address the following personas:
176
160
177
161
- Inspection manager: creates Inspection forms and manages the list of locations or assets.
178
162
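Review bot: In the persona paragraph, the edited line still reads "the Inspection Power apps template"; since the line is being touched anyway, capitalize the product name as "Power Apps" to match the rest of the article.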
@@ -190,6 +174,22 @@ Once we have the personas defined, relate these personas to the team role to whi
190
174
191
175
## Learn more:
192
176
193
-
For more details on recommended table permissions for the Power App templates for Microsoft Teams, see the following topics:
177
+
For more details on recommended table permissions for the Power App templates for Teams, see the following topics:
178
+
179
+
-[Deploy Profile + as broad distibution app](deploy-profile-plus-broad-distribution.md)
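Review bot: The added link text misspells "distribution" ("broad distibution app"), while its target, deploy-profile-plus-broad-distribution.md, spells it correctly. The bullet also has no space after the list hyphen, so it will not render as a list item, and the "Profile +" spacing should be checked against the app's name, given the "profile-plus" file name. The edited sentence above it says "Power App templates" where the rest of the article uses "Power Apps".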