Create a custom role

Microsoft Dataverse has many standard default roles, but there might be times when you want to define a custom security role. Dataverse supports the following eight record-level privileges, which define how a user interacts with the data in one or more tables and which you can combine to build a custom role:

Create - Required to make a new record. The records that can be created depend on the access level of the permission that is defined in your security role.

Read - Required to open a record to view the contents. The records that can be read depend on the access level of the permission that is defined in your security role.

Write - Required to make changes to a record. The records that can be changed depend on the access level of the permission that is defined in your security role.

Delete - Required to permanently remove a record. The records that can be deleted depend on the access level of the permission that is defined in your security role.

Append - Required to associate a record with the current record. For example, if a user has Append rights on an opportunity, the user can add a note to an opportunity. The records that can be appended depend on the access level of the permission that is defined in your security role.

Append To - Required to associate the current record with another record. For example, a note can be attached to an opportunity if the user has Append To rights on the note. The records that can be appended to depend on the access level of the permission that is defined in your security role.

Assign - Required to give ownership of a record to another user. The records that can be assigned depend on the access level of the permission that is defined in your security role.

Share - Required to give another user access to a record while keeping your own access. The records that can be shared depend on the access level of the permission that is defined in your security role.

These record-level privileges can be grouped as needed and associated with a custom role. That custom role can then be applied to one or many tables as needed.

Tip

Roles can be copied so you can quickly create similar roles that might be slightly different. 

Create a custom security role and assign to tables and users

This lab will show you how to create a new role and associate that role with a custom table. Then, you can associate users to the new role so they can access the data in the custom tables as needed.

To grant access, you will need to do the following:

  • Create a new user security role or amend an existing user security role to include settings for the custom table.

  • Assign users to the security role.

To get started, use the following steps to create a new security role.

  1. Sign in to Power Apps as an administrator.

  2. Select the gear icon in the menu and select Admin Center.

  3. Select the environment name of the environment you would like to administer.

  4. Select See all under Security Roles in the Access section on the right.

  5. Select New role in the menu bar, which will open the security role designer.

  6. Enter a name for your security role in the Role Name field.

    Screenshot of Add New Security Role dialog box.

  7. Locate the tables that your app uses by selecting each tab in the security role designer. If your tables are custom, they will be under the Custom Tables tab.

  8. When you have located your tables, select the privileges that you want to grant your users, such as Read, Write, Delete, and so on. Select the scope for performing that action by selecting the name of the table. Scope determines how deep or high within the environment's hierarchy the user can perform a particular action.

    Screenshot of assigning permissions to a role.

  9. Select Save and Close.

Congratulations, you have created a new custom security role. Next, you will assign users to this role.
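Before assigning users, it is worth checking that the privileges and scopes chosen in the role designer are no broader than intended. The following is an added example, not part of the original lab or of Microsoft's tooling: it audits an exported list of a role's privileges against a scope ceiling. The `prv<Verb><table>` names and the depth names Basic, Local, Deep and Global follow Dataverse's conventions; the dictionary keys, the policy ceilings, the table name `new_project` and the sample role are assumptions constructed for illustration.

```python
# Added example: flag record-level privileges granted at a wider scope than policy allows.
# Depth names map to the designer's User, Business Unit, Parent: Child Business Units, Organization.
DEPTH_RANK = {"Basic": 1, "Local": 2, "Deep": 3, "Global": 4}
VERBS = ["AppendTo", "Append", "Create", "Read", "Write", "Delete", "Assign", "Share"]
# Hypothetical policy: the widest depth a custom role may hold for each privilege.
CEILING = {"Delete": "Basic", "Assign": "Local", "Share": "Local", "Write": "Local"}


def parse_privilege(name, tables):
    """Return (verb, table) for a record-level privilege on a known table, else None."""
    if not name.startswith("prv"):
        return None
    rest = name[3:]
    for verb in VERBS:
        table = rest[len(verb):].lower()
        # Requiring a known table resolves AppendTo + "pic" versus Append + "topic".
        if rest.startswith(verb) and table in tables:
            return verb, table
    return None


def audit_role(role_privileges, tables):
    """Return sorted findings (table, verb, depth, ceiling) that exceed the policy."""
    findings = []
    for item in role_privileges:
        parsed = parse_privilege(item["PrivilegeName"], tables)
        if parsed is None:
            continue  # not a record-level privilege on a table under review
        verb, table = parsed
        ceiling = CEILING.get(verb)
        if ceiling and DEPTH_RANK[item["Depth"]] > DEPTH_RANK[ceiling]:
            findings.append((table, verb, item["Depth"], ceiling))
    return sorted(findings)


# Constructed sample: a custom role on a custom table, in an assumed export shape.
SAMPLE_ROLE = [
    {"PrivilegeName": "prvReadnew_project", "Depth": "Global"},
    {"PrivilegeName": "prvWritenew_project", "Depth": "Local"},
    {"PrivilegeName": "prvDeletenew_project", "Depth": "Global"},
    {"PrivilegeName": "prvAppendTonew_project", "Depth": "Deep"},
    {"PrivilegeName": "prvSharenew_project", "Depth": "Deep"},
    {"PrivilegeName": "prvExportToExcel", "Depth": "Global"},
]

if __name__ == "__main__":
    for table, verb, depth, ceiling in audit_role(SAMPLE_ROLE, {"new_project"}):
        print(f"{table}: {verb} granted at {depth}, policy ceiling is {ceiling}")
```

On the sample role the audit reports Delete at Global and Share at Deep, the two grants that exceed the assumed ceilings.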

To assign a user to a security role, you need to be a member of the System Administrator role in the current environment and then follow these steps:

  1. Sign in to Power Apps as an admin, select the settings gear, and then select Admin Center.

    Screenshot of Select Admin Center Menu Option.

  2. In Power Apps admin center, select the environment where you want to update a security role.

  3. Select See all under Users in the Access section on the right.

  4. Verify whether the user(s) already exist in the environment. If the user is not on the list, go to step 5. Otherwise, you can skip to step 6.

    Screenshot of Admin Center - List Of Users Hyperlink.

  5. If a user does not exist in the environment, you can add the user by selecting the Add user button and entering the user's email address in your organization.

  6. After you know that the user(s) to whom you want to assign a security role exist in your environment, select their username.

  7. Select Manage Roles at the top.

    Screenshot of Manage Roles at the top of the List of Enabled Users.

  8. In the Manage User Roles dialog box, in the Role Name section, select the check boxes next to the role(s) that you created in the previous section and make sure to also select the Dataverse User role (if it isn't already selected). The Dataverse User role must be assigned to any user who wants to use your app or access Dataverse.

    Screenshot of Manage User Roles dialog box.

  9. Select OK to assign the role(s) to the user that you selected.