Blog

You are currently viewing Building a Model Driven App Part 6-Security

Building a Model Driven App Part 6-Security

2/17/2023

The Why

Security is of paramount importance when building an app with the Power Platform. To ensure that the built-in security features, such as role-based access controls and column level security, are properly implemented, it is essential to follow the security guide written during part 1.

The How

Role Based Access (RBAC)

Security Roles

Security roles in Power Platform Admin Center are permission sets defining user actions. Each role is a collection of permissions, and users can be assigned multiple roles. When a user is assigned a role, they have access to permissions and can take corresponding actions. Security roles are managed by Tennant and Environment System Admins.

  1. Select Security Roles
  2. Find the Basic User Role and select Copy
  3. After the role has been copied select the role and select Edit
  4. Find the customer Requests table and update the permissions

    💡 For this example I have given full CRUD to the users. Please ensure security roles align correctly

  5. Navigate to the Business Process Flows Tab
  6. Ensure the BPF built in step 4 is allowed
  7. Save and Close the role

Teams

Teams in the Power Platform Admin Center are groups of users with similar roles or needs. Each team is assigned security roles that determine the actions they can take. This grants granular control over access rights, ensuring users can only perform intended actions. Teams also make it easy to manage access rights, adding and removing users as needed.

💡 Note: This is not the same thing as a MS Team

  1. Within the Power Platform Admin Center
  2. Select the Environment to edit and select Settings
  3. Select Teams
  4. Create Team
  5. Connect the team to a AAD Office Group to simplify the addition or removal of users to the team.
  6. Press the Next Button to assign a security role.
  7. Select the Security role that was configured above.

Column Level Security (CLS)

Column Level Security (CLS) is a feature of the Power Platform that allows users to set permissions on individual columns of a data table. With CLS enabled, users are only allowed to view, edit, or delete data from the columns they have access to. This provides an added layer of granular security to the app, ensuring that users only have access to the data they are allowed to view or modify. CLS can be set up in the Power Platform Admin Center, where admins can assign roles to the columns, granting the appropriate access rights.

  1. From the environment settings page select Column security profiles
  2. Select New
  3. Give the role a distinct name
  4. Select the newly created role.
  5. A list of columns that have had security enabled will be displayed
  6. Find the column created in an earlier stage
  7. Select Edit and give it the appropriate permissions.
  8. The last step will be to align the role with a team or add users directly to the role

Resources

Tags: ,

Leave a Reply