Security Model for Dataverse Records Access

Correct Answer: C

The Business unit security model is the basis for Dataverse security.

The model controls access to the data using security roles, teams, and users.

By linking all of them together, you are getting a role-based security model.

By default, the Organization is a top-level of a business unit hierarchy.

Each business unit has a default team.

You cannot change or delete the default team.

You must assign every user to only one business unit.

The business unit security model uses security roles to assign them to the users or teams.

A team also can consist of users from different business units.

Option A is incorrect because the Hierarchical security model is based on who reports to whom.

According to this model, the user can have read and write access to the data of the people who report to the user.

And the reportees have access to the data of people who report to them, etc.

In this task, the security model is defined by the business unit's boundaries.

Option B is incorrect because the Organization is a privilege access level.

This role can view all accounts in all business units of the organization.

The access level is a part of the security model, but it is not a security model.

Option D is incorrect because the Teams is a grouping of the users that you can assign the security roles to.

The teams are part of a security model, but they are not a security model.

Option E is incorrect because the Azure AD groups are one of the Teams types, but it is not a security model.

For more information about Dataverse business unit's security, please visit the below URLs:

To address the security requirements of the company and provide access to data based on roles and responsibilities, we can use the "Dataverse records access" security model. This security model can be implemented using various approaches, such as hierarchical, organization, business units, teams, and Azure AD groups.

Here's how each of these options can be applied to meet the requirements:

A. Hierarchical: This approach is not suitable for the given scenario as it only supports a parent-child relationship between the business units, which does not match the department structure of the company.

B. Organization: This approach provides a single security boundary that can be applied across the entire organization. However, it doesn't support the specific department-level access requirements that the company needs.

C. Business units: This approach can be used to create separate security boundaries for each department, such as Sales and Operations. However, it doesn't address the need for cross-departmental access by the Accounting manager.

D. Teams: This approach can be used to create teams for each department and provide access based on roles and responsibilities. For example, we can create Sales East, Sales West, Sales Central, Accounting, and Engineering teams. The Sales manager can be added to all Sales teams, while the Accounting manager can be added to all teams to access data from all departments. Additionally, we can provide read-only access to Engineering data to the Sales manager by adding them as a read-only member to the Engineering team.

E. Azure AD groups: This approach can also be used to create Azure AD groups for each department and provide access based on roles and responsibilities. We can create groups such as Sales East, Sales West, Sales Central, Accounting, and Engineering. The Sales manager can be added to all Sales groups, while the Accounting manager can be added to all groups to access data from all departments. Similarly, we can provide read-only access to Engineering data to the Sales manager by adding them as a member of the Engineering group with read-only permissions.

In conclusion, the Teams and Azure AD groups approaches would be suitable for the given scenario to meet the security requirements. However, based on the company's existing infrastructure, one of the approaches may be more feasible than the other.