Edit

Microsoft Dataverse teams management

  • Article

Using Microsoft Dataverse teams is optional. However, teams provide an easy way to share business objects and let you collaborate with other people across business units. Although a team belongs to one business unit, it can include users from other business units. You can associate a user with more than one team. This topic discusses the different types of teams and their various operations.

Tip

Check out the video: Administer application users, security roles, teams, and users in the Power Platform admin center.

Types of teams

Owner team: An owner team owns records and has security roles assigned to the team. A user's privileges can come from their individual security roles, those of the teams that they're part of or the ones they inherit. A team has full access rights on the records that the team owns. Team members are added manually to the owner team.

Access team: An access team doesn't own records and doesn't have security roles assigned to the team. The team members have privileges defined by their individual security roles and by roles from the teams they're members of. These members share records with an access team, and the team is granted access rights to the records. Access rights include Read, Write, and Append.

Azure AD group team: Similar to owner teams, an Azure Active Directory (Azure AD) group team can own records and can have security roles assigned to the team. Security and Office are two group team types, and they correspond directly to Azure AD group types. Group security roles can be assigned only for a specific team or for a team member with user privileges that include members' privilege inheritance. Team members are dynamically derived (added and removed) when they access an environment based on their Azure AD group membership. More information: Manage group teams

Note

You can assign security roles directly to owner teams and Azure AD group teams and users. The environment picker only recognizes users who are members of Azure AD group teams and users who have security roles assigned to them directly.

Team operations

Access your team's page

  1. Sign in to the Power Platform admin center.

  2. Select an environment, and then select Settings > Users + permissions > Teams.

A list of all of the teams in the environment is displayed.

Screenshot of a list of teams in an environment.

Create a new team

  1. Sign in to the Power Platform admin center.

  2. Select an environment, and then select Settings > Users + permissions > Teams.

  3. Select + Create team.

  4. Specify the following fields:

    • Team name: Be sure this name is unique within a business unit.

    • Description: Enter a description of the team.

    • Business unit: Select the business unit from the dropdown list.

    • Administrator: Search for users in the organization. Start entering characters.

      Note

      The Administrator field is only for reference and it doesn't have any special processing. You can use this field to restrict who can add and remove team members by registering a plug-in on the associate and disassociate APIs for the teammembership_association relationship. These actions can be enforced when the user is the administrator of the team. For more information, see the community sample code.

    • Team type: Select the team type from the dropdown list.

      Screenshot of settings for a new Dataverse team.

      Note

      A team can be one of the following types: Owner, Access, Azure AD Security group, or Azure AD Office group.

  5. If the team type is Azure AD Security group or Azure AD Office group, you must also enter these fields:

    • Group name: Start entering text to select an existing Azure AD group name.These groups are pre-created in Azure AD.
    • Membership type: Select the membership type from the dropdown list.

    Screenshot of settings for a new Azure AD team.

After you create the team, you can add team members and select corresponding security roles. This step is optional, but recommended.

Edit a team

  1. Sign in to the Power Platform admin center.

  2. Select an environment, and then select Settings > Users + permissions > Teams.

  3. Select the checkbox for a team name.

    Screenshot selecting a team.

  4. Select Edit team. Team name, Description, and Administrator are available for editing. To edit Business unit, see Change the business unit for a team.

  5. Update the fields as required, and then select Update.

    Screenshot of editing a team.

Manage team members

You can add and delete members from a team.

Note

Managing team members is allowed only for the Owner and Access team types. For Azure AD group teams, managing team members must be performed by an Azure AD admin.

  1. Sign in to the Power Platform admin center.

  2. Select an environment, and then select Settings > Users + permissions > Teams.

  3. Select the checkbox for a team name.

    Screenshot selecting a team.

  4. Select Manage team members.

  5. Do one of the following:

    • To add new team members, select + Add team members and then specify users.

      Screenshot of adding team members.

    • To delete a team member, select the user and then select Remove.

Note

Privilege requirement: To add or remove a team member from an owner team, the user needs to have more than or equal to the privileges that the team has. For example, if the team is assigned with a System Customizer security role, the user will need a System Customizer or a System Administrator security role.

Adding users with disabled status: By default, you can't add disabled users into your owner teams. If you need to add disabled users, you can enable the organization DB setting AllowDisabledUsersAddedToOwnerTeams using the OrgDBOrgSettings tool for Microsoft Dynamics CRM.

You can use plug-ins to manage team membership, example to add and to remove team members based on a certain business condition. Since there is a sequence of events that needs to be run in this business process, team membership process can only be run in asynchronous plug-ins.

Manage the security roles of a team

  1. Select the checkbox for a team name.

    Screenshot selecting a team.

  2. Select Manage security roles.

  3. Select the role or roles you want, and then select Save.

    Screenshot of managing security roles.

Delete a team

  1. Sign in to the Power Platform admin center.

  2. Select an environment, and then select Settings > Users + permissions > Teams.

  3. Select the checkbox for a team name.

    Screenshot selecting a team.

  4. Select Delete twice to confirm. Note that this action can't be undone.

Change the business unit for a team

See Change the business unit for a team.

See also

Change the business unit for a team Create a team template and add to an entity form
Manage group teams
About team templates
Add teams or users to a field security profile
About team templates
Entity relationship behavior