You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: powerapps-docs/developer/data-platform/security-access-rights.md
+9-6Lines changed: 9 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
title: "Data operations and access rights (Microsoft Dataverse) | Microsoft Docs"
3
3
description: "Describes the access rights needed for specific data operations."
4
4
ms.custom: ""
5
-
ms.date: 03/11/2021
5
+
ms.date: 02/26/2024
6
6
ms.reviewer: "pehecke"
7
7
8
8
ms.topic: "article"
@@ -18,7 +18,7 @@ search.audienceType:
18
18
19
19
Let's talk about the data operations that you can perform and the access rights required for each. The following table lists the messages that correspond with common data operations and the access rights required to execute those messages.
20
20
21
-
|Message(s)| Access rights required |
21
+
|Messages| Access rights required |
22
22
|---|---|
23
23
|**Create**| CREATE |
24
24
|**Retrieve**, **RetrieveMultiple**| READ |
@@ -31,11 +31,11 @@ Let's talk about the data operations that you can perform and the access rights
31
31
32
32
## Dependencies between access rights
33
33
34
-
Sometimes, security dependencies exist because it is necessary to have more than
34
+
Sometimes, security dependencies exist because it's necessary to have more than
35
35
one access right to perform a given action. For example, if you have the
36
36
**create** access right for accounts, you can create a record of the account
37
37
table type. However, unless you also have **read** access for accounts, you
38
-
cannot create an account record and be the owner of that new record.
38
+
can't create an account record and be the owner of that new record.
39
39
40
40
The following table lists the access right dependencies for the actions
41
41
specified.
@@ -44,12 +44,15 @@ specified.
44
44
|---|---|
45
45
| Create a record and be the record owner | CREATE, READ |
46
46
| Share a record | SHARE. This right is required by the person doing the share operation.<p/> READ. This right is required by the person doing the share operation and also by the person with whom the record is being shared.|
47
-
| Assign a record | ASSIGN, WRITE, READ |
47
+
| Assign a record | ASSIGN, WRITE, READ <sup>1</sup> |
48
48
| Append to a record | WRITE, READ, APPENDTO |
49
49
| Append a record | WRITE, READ, APPEND |
50
50
51
+
<sup>1</sup> To provide granular level control on whom a record can be assigned to, switch the **AssertOwnershipAppendToAccess**[orgdbsettings](/power-platform/admin/environment-database-settings#install-the-organizationsettingseditor-tool) to **true**. This setting additionally requires the caller to have **AppendTo** access on the assignee (the user/team record being assigned as the owner).
52
+
When [record ownership](/power-platform/admin/wp-security-cds#record-ownership-in-modernized-business-units) in modernized business units is enabled, and **OwningBusinessUnit** is being changed, the caller is required to have **AppendTo** access on the new business unit.
53
+
51
54
Another type of dependency exists when objects are subordinate to another
52
-
object. For example, the opportunity object cannot exist on its own. Each
55
+
object. For example, the opportunity object can't exist on its own. Each
53
56
opportunity is always attached to an account or contact. To create an
54
57
opportunity, you must have the access right **appendto** on accounts and the
0 commit comments