Dataverse Records Access Security Model for Microsoft Power Platform Solution Architect Exam PL-600

Implementing Security Model for Dataverse Records Access

Question

A company has two departments: Sales and Operations.

The Sales department divides its salespeople into East, West, and Central teams.

The Operations department has two groups: Accounting and Engineering.

The company asks you to help with the security model for their departments.

The company has the following requirements: The Accounting manager needs to have access to the data of all departments. The Sales manager must have access to all sales data and read-only access to Engineering data. What security model for the Dataverse records access will you propose to implement?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

Correct Answer: C

The Business unit security model is the basis for Dataverse security.

The model controls access to the data using security roles, teams, and users.

By linking all of them together, you are getting a role-based security model.

By default, the Organization is a top-level of a business unit hierarchy.

Each business unit has a default team.

You cannot change or delete the default team.

You must assign every user to only one business unit.

The business unit security model uses security roles to assign them to the users or teams.

A team also can consist of users from different business units.

Option A is incorrect because the Hierarchical security model is based on who reports to whom.

According to this model, the user can have read and write access to the data of the people who report to the user.

And the reportees have access to the data of people who report to them, etc.

In this task, the security model is defined by the business unit's boundaries.

Option B is incorrect because the Organization is a privilege access level.

This role can view all accounts in all business units of the organization.

The access level is a part of the security model, but it is not a security model.

Option D is incorrect because the Teams is a grouping of the users that you can assign the security roles to.

The teams are part of a security model, but they are not a security model.

Option E is incorrect because the Azure AD groups are one of the Teams types, but it is not a security model.

For more information about Dataverse business unit's security, please visit the below URLs:

To fulfill the requirements of the company, the proposed security model for Dataverse record access should use a combination of Business units and Teams.

Business Units: Business Units are used to organize data and users within an organization. They are used to partition data and provide access to the data based on the roles and responsibilities of users. In this scenario, Business Units can be used to partition data for Sales and Operations departments. This will help ensure that each department can only see data that belongs to them.

Teams: Teams can be used to provide additional access to specific data. They are used to group users together who need to access specific records. In this scenario, we can use teams to provide access to data based on roles within departments.

The proposed solution for the security model would be:

  1. Create two Business Units: Sales and Operations.
  2. Within the Sales Business Unit, create three Teams: East, West, and Central.
  3. Within the Operations Business Unit, create two Teams: Accounting and Engineering.
  4. Assign Salespeople to their respective Teams (East, West, and Central).
  5. Assign Accounting and Engineering members to their respective Teams.
  6. Assign Sales Manager to all Sales Teams (East, West, and Central) and provide them with read-only access to Engineering Team.
  7. Assign Accounting Manager to the Operations Business Unit, granting them access to all data.

With this proposed security model, the Sales Manager will have access to all sales data and read-only access to Engineering data. The Accounting Manager will have access to all data from all departments. Business Units will help to ensure that each department can only see their respective data, while Teams will be used to provide additional access to specific data based on roles within departments.