A company asks you to help design security roles for its Field operation department.
The department has a manager, field engineers that support customers from the office, and mobile field engineers who use mainly a mobile to access the company's Power Platform solutions.
What should be your strategy for the security role design for mobile field engineers?
Click on the arrows to vote for the correct answer
A. B. C. D. E. F.Correct Answer: C
Power Platform provides out-of-the-box security roles that are Position-specific, like Salesperson.
If users required some specific access needs for the Salesperson, they could use the Salesperson role as a basic role and make security access modifications.
But in this case, you will create a specific role for one person.
Such an approach is not efficient and, on a large scale, can make security roles management difficult.
As a Solution Architect, you have three strategies for defining the security roles: Position-specific, Baseline + Position, and Baseline + Capability.
The position-specific approach is based on the creation of a single role specifically for the position.
The Power Platform's out-of-the-box set of typical roles, like the Salesperson, are position based.
Another approach is to define the baseline for all employees or department teams.
First, you can select a Basic User role for a baseline role.
Then, you can define the security access for certain positions on top of the baseline role, like the baseline + additional security settings for a field engineer position.
Suppose you have a specific group (e.g., mobile field engineer) that requires additional capabilities, like mobile access.
In that case, you can add another layer on top of the previous layer (e.g., field engineer)
Therefore, you need to use the Baseline+Capability approach for the mobile field engineers.
All other options are incorrect.
For more information about the strategies for security roles definitions, please visit the below URLs:
When designing security roles for the mobile field engineers of a company's Field operation department, the most suitable strategy would be to use a combination of "Baseline + Capability" security roles.
This approach involves defining a set of baseline security roles that provide a minimum level of access to all users, combined with additional roles that grant specific capabilities based on the user's job responsibilities.
For mobile field engineers, the baseline security role might include access to basic functionality of the Power Platform solutions, such as viewing and updating customer data. Additional capability roles could be created to provide access to features that are specific to the mobile field engineers' tasks, such as the ability to schedule service calls, view work orders, and track equipment inventory.
Using a baseline + capability approach allows the security roles to be customized to meet the unique needs of each role within the organization, without the need to create entirely new roles for each individual position. This approach also simplifies the management of security roles, as changes can be made to the baseline roles and applied to all users, while individual capability roles can be added or removed as needed.
Position-specific roles (Option A) would be too granular and could lead to a complex and unmanageable security model. Business unit roles (Option B) would not be appropriate for mobile field engineers who may work across multiple business units. Teams (Option D) and Organization roles (Option E) are too broad and do not provide enough granularity to properly secure specific functions or tasks.
Baseline + Position (Option F) is a valid approach but it does not take into account the unique capabilities required by mobile field engineers, which could lead to over-permissioning or under-permissioning of users. Therefore, the Baseline + Capability approach is the most appropriate strategy for this scenario.