Add users and roles within an environment

Completed

After you have created an environment, users from Microsoft Entra ID that are associated with your tenant and have a selected security role are automatically added to the environment.

Tip

It might take several hours to add all users if you have a large number of them.

User security roles control a user’s access to data through a set of access levels and permissions. The combination of access levels and permissions that are included in a security role sets limits on the user’s view of and interactions with that data. When we created our environment earlier in this module, we could add an existing security role.

Security roles can also be associated with a Microsoft Entra ID group. We recommend that you create Microsoft Entra ID groups and associate roles with those security groups to simplify permissions and data access.

Tip

The user security roles control run-time access to data and are separate from the environment roles that govern system administrators and environment makers. The two environment roles that are built into every environment are System Administrator and Environment Maker. All other roles are user security roles.

An administrative user who has been added to the System administrator role uses the following steps to assign new groups or users to the environment and security roles within that environment:

  1. Sign in to the Power Platform admin center.

  2. Select the environment that you want to administer.

  3. In the Access pane in the top right of the chosen environment's dashboard, verify that a user already exists in the environment by selecting See all under Users.

  4. If an existing user needs to be added to the environment, you can add the user here in the Microsoft Power Platform admin center. Add the user by selecting the Add user button and then entering the user’s name or email address.

    As you begin to type, the search box narrows and auto-suggests options until you find the one you're looking for. Note the User access requirements as you begin your selection. If you have enabled the user in Microsoft Entra ID, given them an active license, and they're already a member of the environment's security group, then their name appears as an option to add to this environment. (Else you may see them, but can't add them.)

  5. Once you have a user in the entry field, select the Add button and wait for a few moments for confirmation, then select at least one other security role for the new user, then Save.

    Screenshot of Manage security roles.

    Once you save your changes, you receive a confirmation at the top of your Users screen that the user has been added and security roles have been updated for that user.

  6. Refresh your Users screen by selecting the Refresh button in the admin center command bar.

  7. Select the user's name from the list of users in the environment. A tab opens on the right side of your screen with the details of that user account. You can see the Roles listed below the User Name.

  8. There's a Manage Roles link at the bottom of the Roles. Select it.

  9. The same Manage security roles panel appears on the right side of the screen. Let's assign the user to a System Administrator role. We can scroll down the list and locate System Administrator and then check next to the role name.

    Screenshot of assigning the role System Administrator.

  10. Then select Save to update the assignments to the user within that environment. The user pane reappears and lists the updated role of System Administrator underneath the Roles.

    Screenshot of assigning a role and selecting OK.

    One of the advantages of using Dataverse is the variety of predefined security roles available. You can learn about the many different options in Predefined security roles. Dataverse also lets you create a custom security role. Let's cover how to do that next.

Create a custom security role

If you need a custom security role, you can easily create a new security role in your environment with the following steps.

  1. Sign in to Power Platform admin center.

  2. Select the environment.

  3. In the Access section, select See all under Security Roles.

  4. Select New role at the top left of the command ribbon.

  5. A Create New Role pane appears from the right side of the screen. Add a Role Name, select a Business unit and then select Save. (You could change the options for Member's privilege inheritance, but this step is unnecessary.) This creates a role with a minimum level of permissions in the environment. The next step is for you to give it access to data.

    Screenshot of Role Name and settings for new role.

  6. The new role pane disappears, and your screen now shows a permissions screen with a list of tables for customizing for your new role. You can customize the behavior of this role down to individual tables. Select a table, then adjust any of the permissions under the various options, including Create, Read, Write, Delete, Append, Append to, Assign, and Share. The search field at the top right of the screen can help you find any table you're looking for quickly.

    Screenshot of Security Role: New Security Role settings for each entity.

  7. Once you're satisfied with your changes, select Save and close at the top.

You can edit or modify any of your existing security roles by using the same technique. Find and select the role from the Security Roles to bring up the permissions screen.

You have now added user permissions and created a custom security role!