Power Platform Solution Architect Exam: Designing Security Roles and Privileges

Two Privileges for Designing Security Roles in Power Platform Solution

Question

You design the security roles for the Power Platform solution.

What are two privileges that you can use in the design?

Answers

A. Unit-based
B. Row-level
C. Task-based
D. Entity-level
E. Record-level

Correct Answers: C and E

Explanations

As a Solution Architect, you need to understand the basis of the security role and its importance in the Dataverse security model.

Dataverse provides a flexible and robust security system. Environment security is based on business units, security roles, and field security profiles. The business unit security model is the basis for Dataverse security. The model controls access to the data using security roles, teams, and users. Linking them together gives you a role-based security model.

The security role defines how a user accesses different types of records. Each role has two kinds of privileges:

Record-level - these privileges are tasks that users can apply to the table and table records. They include eight tasks: Create, Read, Write, Delete, Append, Append To, Assign, and Share.

Task-based - these privileges grant users access to specific tasks, like assigning a manager to the user or approving knowledge articles.

The role privileges are cumulative. If a user has several security roles, the user can use all the privileges that every role has.

Each of the tasks has an access level. The access level defines the depth of the access in the business unit or organization for the role or user. There are five access levels: Global or Organization, Deep or Parent: Child Business Units, Local or Business Units, Basic or User, and None. This type of granularity works for record-level access. For the task-based privileges, the access has only two settings: None and Organization.

Dataverse provides two types of ownership for the standard custom tables: User or Team and Organization. Organization-owned tables do not have Assign or Share privileges because both tasks require an owner to assign to or share with. There are no record owners for organization-owned tables.

All other options are incorrect.
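
The cumulative-privilege and access-level rules above, as an added example that is not part of the original page and is not Dataverse code. It models a role as a dictionary, treats "cumulative" as keeping the widest access level any role grants for a privilege (an assumption of this model), and flags role designs that break the two constraints stated above; table, role and constant names are constructed for illustration.

```python
from enum import IntEnum

class Access(IntEnum):
    """The five access levels, ordered from narrowest to widest."""
    NONE = 0
    USER = 1            # Basic or User
    BUSINESS_UNIT = 2   # Local or Business Units
    PARENT_CHILD = 3    # Deep or Parent: Child Business Units
    ORGANIZATION = 4    # Global or Organization

RECORD_TASKS = {"Create", "Read", "Write", "Delete",
                "Append", "Append To", "Assign", "Share"}
NEEDS_OWNER = {"Assign", "Share"}

def validate_role(role, org_owned_tables):
    """Return the design errors found in one role definition."""
    errors = []
    for (table, task), _level in role.get("record", {}).items():
        if task not in RECORD_TASKS:
            errors.append(f"{table}: unknown record-level task {task!r}")
        elif table in org_owned_tables and task in NEEDS_OWNER:
            errors.append(f"{table}: {task} needs a record owner")
    for task, level in role.get("task", {}).items():
        if level not in (Access.NONE, Access.ORGANIZATION):
            errors.append(f"{task}: task-based privileges are None or Organization only")
    return errors

def effective_access(roles):
    """Cumulative privileges: keep the widest level any role grants."""
    merged = {}
    for role in roles:
        grants = {**role.get("record", {}), **role.get("task", {})}
        for privilege, level in grants.items():
            merged[privilege] = max(merged.get(privilege, Access.NONE), level)
    return merged

# Constructed sample data: table, role and task names are illustrative.
ORG_OWNED = {"currency"}
SALESPERSON = {"record": {("account", "Read"): Access.BUSINESS_UNIT,
                          ("account", "Write"): Access.USER}}
SALES_MANAGER = {"record": {("account", "Read"): Access.PARENT_CHILD,
                            ("account", "Assign"): Access.BUSINESS_UNIT},
                 "task": {"Approve Knowledge Articles": Access.ORGANIZATION}}
MISDESIGNED = {"record": {("currency", "Share"): Access.ORGANIZATION},
               "task": {"Approve Knowledge Articles": Access.BUSINESS_UNIT}}

if __name__ == "__main__":
    for privilege, level in effective_access([SALESPERSON, SALES_MANAGER]).items():
        print(privilege, level.name)
    print(validate_role(MISDESIGNED, ORG_OWNED))
```

Running the merge over every role a user holds is a quick least-privilege review: the effective level for a privilege can be wider than any single role's name suggests.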


When designing security roles for a Power Platform solution, privileges are used to specify what actions or operations a user with that role can perform on specific entities or records in the system. The following are brief explanations of the five privileges listed in the question:

A. Unit-based: This privilege grants access to a specific functional unit or module within the solution. For example, a user with a unit-based privilege for the Sales module can perform all the actions associated with that module, such as creating opportunities and quotes, but they may not have access to other modules like Service or Marketing.

B. Row-level: This privilege grants access to specific rows or records within an entity. For example, a user with a row-level privilege for the Accounts entity may only be able to access and edit accounts they own or are assigned to.

C. Task-based: This privilege grants access to specific tasks or actions within an entity or module. For example, a user with a task-based privilege for the Accounts entity may only be able to create or edit accounts, but not delete or share them.

D. Entity-level: This privilege grants access to an entire entity within the solution. For example, a user with an entity-level privilege for the Contacts entity may be able to perform all actions on all records in the Contacts entity, including creating, editing, and deleting them.

E. Record-level: This privilege grants access to specific records within an entity. For example, a user with a record-level privilege for the Opportunities entity may only be able to access and edit opportunities they own or are assigned to.

In summary, unit-based, row-level, task-based, entity-level, and record-level privileges are all used when designing security roles for a Power Platform solution to specify the level of access and control that users have over specific entities, modules, or records within the system.