Role-based security

One key feature of Dataverse is its rich security model that can adapt to many business usage scenarios. This security model is only in play when a Dataverse database exists in the environment. As an administrator, you likely won't build the entire security model. However, you might be involved in managing users and ensuring that they have the proper configuration, and you might need to troubleshoot security access-related issues.

Role-based security

Dataverse uses role-based security to determine what actions a user can perform in Dataverse, such as:

  • Create

  • Read

  • Write

  • Delete

  • Append

  • Append to

  • Assign

  • Share

The following image shows the default Basic User security role privileges for the Account table.

Screenshot of the default Basic User security role and its access privileges for the account table.

These actions make up the privileges of a security role.

After you define a security role in the environment, you can:

  • Associate it directly with users.

  • Associate it with Dataverse business units and teams.

Individually assigning security roles to users can be a tedious process for groups of users. Instead, you can associate a security role with a team and then add all users to the team. After you assign a user to the team, they receive the security role's privileges. Often, organizations use this approach to accelerate the assignment of security roles to groups of users.

A key concept of Dataverse security is that privileges are cumulative across all of a user's assigned security roles, with the highest privilege access winning. For example, suppose a user has the following two security roles:

  • One with delete privileges but not the write privilege

  • One with write privileges but not the delete privilege

As a result, this user can delete and write in the environment because the two security role privileges are accumulated.
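The accumulation rule can be checked during an access review. The following Python sketch is an added example, not Microsoft's code and not a Dataverse API: it merges a user's direct and team-inherited roles and flags privilege combinations that no single role grants. The role names, users, team, and data layout are constructed for illustration; the access-level names are Dataverse's standard levels.

```python
from enum import IntEnum

class Level(IntEnum):
    # Dataverse access levels, ordered from narrowest to broadest scope
    NONE = 0
    USER = 1
    BUSINESS_UNIT = 2
    PARENT_CHILD_BU = 3
    ORGANIZATION = 4

# Constructed sample data (hypothetical roles): role -> {privilege: level} for one table
ROLES = {
    "Record Cleaner": {"Read": Level.USER, "Delete": Level.BUSINESS_UNIT},
    "Record Editor": {"Read": Level.ORGANIZATION, "Write": Level.USER},
}
DIRECT_ROLES = {"alice": ["Record Cleaner"], "bob": ["Record Editor"]}
TEAM_ROLES = {"Editors": ["Record Editor"]}
TEAM_MEMBERS = {"Editors": ["alice"]}

def roles_for(user):
    """All roles a user holds: direct assignments plus roles inherited from teams."""
    roles = list(DIRECT_ROLES.get(user, []))
    for team, members in TEAM_MEMBERS.items():
        if user in members:
            roles += TEAM_ROLES.get(team, [])
    return roles

def effective_privileges(user):
    """Union of privileges across roles; the broadest level wins per privilege."""
    merged = {}
    for role in roles_for(user):
        for priv, level in ROLES[role].items():
            if level > merged.get(priv, Level.NONE):
                merged[priv] = level
    return merged

def accumulated_only(user, required):
    """True if the user holds every required privilege but no single role grants them all."""
    eff = effective_privileges(user)
    if any(eff.get(p, Level.NONE) == Level.NONE for p in required):
        return False
    return not any(
        all(ROLES[r].get(p, Level.NONE) > Level.NONE for p in required)
        for r in roles_for(user)
    )

if __name__ == "__main__":
    for user in DIRECT_ROLES:
        print(user, {p: l.name for p, l in effective_privileges(user).items()},
              "write+delete via accumulation:", accumulated_only(user, ["Write", "Delete"]))
```

Here `alice` ends up with both Write and Delete only because a team membership added a second role, which is the kind of combination worth reviewing when troubleshooting unexpected access.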

The next unit discusses business units and teams, and how you can apply security roles to them.