Simplifying User Addition for Sales Team Access
Question
A company asks you to help with the Power Platform security solution for the sales team that would significantly simplify the addition of the new users.
The company wants to provide access to sales tables and records when a new salesperson joins the company.
Please select the first step that you would advise the company to take to accomplish this requirement.
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D. E.Correct Answer: D
The Dataverse security defines the three types of teams: Owner - this team owns the record and gives direct access to the team's members.
Access - this team helps members to share a row in a form.
Azure AD group - this team's membership is controlled by Azure AD.
It has a similar behavior as the Owner team.
All users accessing Dataverse data are authenticated by Azure AD.
The Dataverse provides a robust security model using business units, RBAC, and teams.
Azure AD groups take the team membership control on the Azure AD level.
The use of the Azure AD groups significantly simplifies adding or removing the Power Platform users.
There are two types of Azure AD groups: Security and Office.
The Security group members can be users, devices, service principals, and other AD objects.
This group type provides access to the applications, resources, and assigns licenses to the group's members.
The Office group members are users only.
This type is created for a collaboration using mailboxes, calendars, SharePoint, etc.
You can use both of these groups for registration within the Dynamic 365 team.
You can create an Azure AD group using Microsoft Office 365 Admin Center or Azure portal.
In the Azure portal, open the Azure Active Directory and select the Groups item in the Manage section.
On the next screen, select the New Group and create a new group.
After you create a new group, open it, and on the Overview screen (Number 1), copy the Object ID GUID (Number 2).
![Microsoft Azure © Search resources, services, and docs (G+/)
22 Dashboard > > Groups >
+ o sales *
R Group
whi « il] Delete %z| Preview features QD Got feedback?
= @ Overview
i . (¥) This page includes previews available for your evaluation. View previews
a Diagnose and solve problems
f Manage
= sales
(s) il Properties
sales team
Members
Owners
Membership type Assigned ny
Administrative units
@ 1% Group memberships Source Cloud a)
= a Applications Type oy Copy to clipboard
e .
% ae Seen Object Id 35a0ae0e-c823-4e86-877e-3367dc0e8cb6
= © Azure role assignments
Creation date 5/26/2021, 9:42:07 PM Th
si Activity
® v= Access reviews
iS) Audit logs Direct members
¢ & Bulk operation results a O User(s) EB 0 Group(s) Lil 0 Device(s) ® O Other(s)
© Troubleshooting + Support Group memberships Owners
2 a New support request aa 0 A 0
)](https://eaeastus2.blob.core.windows.net/optimizedimages/static/images/Microsoft-Power-Platform-Solution-Architect-(PL-600)/answer/imgckeditor_17.jpg)
Then open the classic Power Apps interface by selecting the Advanced settings under the Settings icon.
On the classic screen, select the Security item from the Settings dropdown and, next, select the Teams.
Then click on the New button from the toolbar.
The portal opens a new screen for New Team.
You need to provide a Team name (Number 1), select an administrator (number 2), select the Team Type (Number 3)
The team type should be the same as the type you selected when created the Azure AD group.
And, finally, you need to provide an ObjectID GUID for the Azure AD group (Number 4)
This will link the Dynamics 365 (Dataverse) team with the Azure AD group.
/answer/imgckeditor_17.2.jpg)
After creating the Dataverse security team, you can create a role and assign it to the team.
All other options are incorrect.
For more information about Azure AD group security, please visit the below URLs:
Sure, I'd be happy to explain each option in detail.
A. Create Dynamics 365 new Sales team: This option suggests creating a new Sales team in Dynamics 365, which can be used to group sales-related records and tables in the system. However, it does not address the requirement of simplifying the addition of new users. Additionally, it may not be necessary to create a new Sales team if one already exists.
B. Create a new security role with access to sales data: This option suggests creating a new security role in the Power Platform that grants access to the necessary sales tables and records for the sales team. This is a good first step as it addresses the requirement of providing access to sales data, but it does not address the need to simplify the addition of new users.
C. Set the ownership of the sales tables to Organization: This option suggests changing the ownership of the sales tables to the organization, which means that all users in the organization will have access to those tables by default. However, this approach is not recommended as it may lead to security risks, as not all users in the organization may need access to the sales data. Additionally, it does not address the need to simplify the addition of new users.
D. Create Azure AD group: This option suggests creating an Azure AD group, which can be used to simplify the addition of new users by allowing them to be added to the group instead of individually. This is a good first step as it addresses the requirement of simplifying the addition of new users. However, it does not address the requirement of providing access to sales data.
E. Assign new role to the Sales team: This option suggests assigning the new security role created in option B to the Sales team. This is a good approach as it addresses both requirements of providing access to sales data and simplifying the addition of new users. By assigning the new security role to the Sales team, all members of the team will have the necessary access to sales data, and new users can be added to the team instead of individually.
In summary, the best first step to accomplish the requirement of providing access to sales data and simplifying the addition of new users would be to create a new security role with access to sales data (option B) and then assign it to the Sales team (option E). Additionally, creating an Azure AD group (option D) would also be a good step to simplify the addition of new users.