Manage Dynamics 365 model-driven app settings and security

 Introduction

Microsoft business applications are intelligent solutions that supply a comprehensive view of an organization’s business. These solutions include the Microsoft Dynamics 365 products that are connected by data and intelligence and are supported by Microsoft Power Platform.

  Proper controls on access to data are a vital part of any business. When you understand the security architecture of Dynamics 365 model-driven applications, you can more easily customize security to fit the requirements of your business.

Security in Dynamics 365 is based on security roles, which are created within business units.

• A Business unit is all or part of an organization.

• A security role is a collection of privileges and access levels defined by entity.

• Privileges allow users in a role to take actions on records in an entity.

• Access levels determine the scope of entities and records a user can take actions on, from most restrictive to least restrictive.

Configure role-based security

The security model focuses on grouping a set of privileges together that describe the responsibilities for a user. 

When you set up security roles in a Dynamics 365 model-based app, you can restrict access so users only have the information they need to fulfill their role, and nothing more.

Dynamics 365 model-driven app security can be controlled in the Security section of Settings. 

the Power Platform and Dynamics 365 security model is comprised of two key principles: privileges and access levels.  

Privileges

A privilege is a permission to perform an action in Dynamics 365.

 Power Apps and model-driven apps use different record-level privileges that are in following ways: 

1) Create : Required to make a new record.

2) Read : Required to open a record to view the contents. 

3) Write : Required to make changes to a record. 

4) Delete : Required to permanently remove a record. 

5) Append : Required to associate the current record with another record.

6) Assign :  Required to give ownership of a record to another user. 

7) Share : Required to give access to a record to another user while keeping your own access. 

Access levels

The following lists the levels of access in Dynamics 365 model-driven apps, starting with the most access. 

• Global 

• Deep 

• Local

• Basic 

• None 

                                

Configure a security role

A user’s experience in the application is the combined result of their defined security roles and team memberships as well as app licenses. Using security roles to limit a user’s access to records can improve their in-app experience by removing clutter that is not part of their requirements.

The following graphic shows the security roles for a Salesperson. Clicking each individual circle in the column of privileges will change the access level.