Data security

Sustainability initiatives often involve the collection and analysis of sensitive data. This data can include energy consumption patterns, waste management data, and data gathered from supply chain providers. Ensuring data security prevents unauthorized access, data breaches, and protects the privacy of individuals and organizations involved.

Within Microsoft Sustainability Manager, it's crucial to use the role-based access control capability. Role-based access control defines and determines who can view, edit, or approve Sustainability Manager data and reports within an organization. For example, an emissions analyst might be assigned the role to edit and submit the ESG data. A compliance report writer could only have the privileges to view and approve the reports.

As Microsoft Sustainability Manager is built on Dataverse, organizations can take advantage of the built-in role-based access control capabilities. Organizations can define roles, assign permissions, manage role membership, control data visibility, and enforce security policies. In addition, organizations can also further configure and extend prebuilt sample roles. The security roles can further control access to data and the user interface (menus, grid views, forms, and embedded Power BI reports).

To learn more about role-based access control capabilities in Dataverse, go to Security concepts in Microsoft Dataverse.

Design considerations

Review the following design considerations while configuring role-based access control in Sustainability Manager:

• Identify business units in the organizations and create a plan to segment access by role or department.

• Group related business/operation users and configure Microsoft Entra groups as teams.

  • Identify the users who perform the data ingestion and provide the related security role.
  • Identify the users who configure the scorecards & goals and provide the relevant security role.

• Always follow the least privileged access required for each user/team role to perform their tasks.

• Copy the prebuilt sustainability roles to extend/modify them based on the organization's structure and its operations.

  Note

  Creating roles without copying from the prebuilt roles can cause potential issues due to missed privileges.

To learn more about role-based access control capabilities in Microsoft Sustainability Manager, go to Set up user roles and access management.

Next steps

• Data auditing and traceability for Microsoft Sustainability Manager