£199.99 £139.99 for one year of Unlimited learning. Offer ends on 14 November 2022 at 23:59 (UTC). T&Cs apply

Find out more
Security Overview
Skip main navigation

Security Overview

This module covers security in both CDS and Dynamics 365. We will explain how business units form an organisational hierarchy, identify the differences between the root business unit and other business units, we’ll explain how privileges and access levels are defined in the security roles to control access to records and application features, and differentiate between entity-based privileges and task-based privileges. We will identify the five access levels that are used in security roles as well as discuss how to use the default security roles.
We will look at defining the relationship between security roles and business units as well as review the best practises on how to configure a security model and discuss the reasons for teams and how teams are managed as well as the differences between owner teams and access teams.
In this video, I will provide an overview of setting up security for your users, teams, and organisations and show the flexibility provided by the Power platform. To configure an installation, you start by creating the business units and security roles that define the organisational structure. When CDS is deployed, the setup creates a root business unit that represents the primary organisational unit for the implementation that includes a set of default security roles. Additional security roles can be configured to specify the privileges that will be granted to users who do different jobs in different areas of the organisation. After the organisational structure and security model is configured, users are created and security roles are assigned to provide the privileges they require.
Users can also be grouped into teams that can be used to share records or personal views, charts, and dashboards and are used to refine the security model. Setting up the security model requires access to various systems as follows. The Microsoft Admin Portal is used to set up a user and assign licences, as can be seen here.
CDS Admin Portal is used to add users to CDS instance and assign a security role.
And finally, from within the Classic interface, you can go to Settings and select Security to access this view. From here, you can manage and create new security roles, manage and create teams, configure business units, and also carry out more advanced security modelling such as hierarchy security and access teams. Business units form a hierarchy that contains groups of users and teams and the records the users and teams own. The hierarchy provides security boundaries to control the scope of the user’s permissions.
This means that permissions can be granted to records so that users can perform different actions on records that are owned by other users or teams in the business unit from the actions they can perform on records that are located in other business units. Business units are also helpful when you consider your reporting requirements. Depending on the access level that are granted to users to read records, sometimes a single report can be used by several users in different business units to receive the results that they might have. This occurs because the records that are reflected in the report are filtered to only include the records that the user has access to.
If users have access to records for the whole organisation, you can use business units in the query of your report to philtre or categorise results. When you plan a CDS deployment, it might be helpful to refer to an organisational chart of the company structure. However, you do not have to replicate this in the business units. We recommend that you create only the business units that you must have to meet the security or reporting requirements of the business. Users need to be added in the Microsoft Admin Centre and a licence assigned to them. Once this is done, they can be added to CDS and appropriate security role assigned to them.
The security model provides access to records and features of the application. Users can access records and perform actions on those records that are appropriate to the job function. A key objective of any security model is to prevent unauthorised access or modification to data. And CDS’s security rights that you can figure also have a direct effect on the way the system behaves and is displayed to the user. If a user does not have access to a specific entity or application feature, reference to the entity or features are not visible in the user’s interface. By limiting access only to the areas a user must have, you can help make the user’s experience easier.
CDS uses a role-based security model to define the permissions that are suitable for a specific job role that is then assigned to users or teams. This model uses a combination of business unit to define the hierarchy of users and teams and security roles to define the privileges the user and team should be granted. The security permissions that are defined in each security role consist of privileges that describe the actions that are allowed to be selected or access levels that describe where the privileges apply. The permissions are displayed in the form of using a series of icons, the key for which is included in the security role form as shown in the security role core records tab entity privilege.
Teams– a team is a group of users who worked together for a long time, such as a department of an organisation or a temporary, such as project teams. Whether to use teams in CDS is optional. There is no requirement that an organisation must create their own teams or do anything with the default teams. There are two types of teams, owner teams and access teams. Owner teams can be assigned security roles and therefore own records. Access teams cannot have security roles and cannot own records, although records can be shared with the access team. Although an owner team can be converted to an access team, you cannot do this the other way around.
Access teams are mainly intended for use with access team templates. Let’s look at hierarchy security. There are two options here. Manage– a manager must reside in the business unit or in the parent business unit of the persons they directly or indirectly manage. Then there’s position– does not use the direct report model. A user position defines who has access to the data. And the position allows spanning business units. You can only choose one security hierarchy, manage or positions. Let’s look at an example of a manager hierarchy. As you can see, based on direct reporting structure, users manage a field on the system user entity. Direct reports have read, write, append, and append to report data.
Non-direct reports only has read-only access to data. If we take a look at position hierarchy, we can see that the VP of sales has read, write, append, and append to the sales manager. And non-direct reports get read-only access to sales data. Continue through the training to get a more in-depth understanding of the flexibility of the security model.

In the previous step, we explored Working with Data Sources. Now, let’s go through a video on security in both CDS and Dynamics 365.

We will explain how business units form an organisation hierarchy, identify the differences between the root business unit and other business units.

Join the discussion

We discussed setting up security for your users, teams, and organisations and show the flexibility provided by the Power platform. Why do you think security is so important when designing applications in context to your working environment?

Use the discussion area below to let us know your thoughts. Try to respond to at least one other post and once you’re happy with your contribution, click the Mark as complete button to check the Step off, then you can move to the next step which is Security Model Building Blocks.

This article is from the free online

Dynamics 365: Using Power Platform Applications

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education