web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Dataverse security
Power Apps
Suggested Answer

Dataverse security

(1) ShareShare
ReportReport
Posted on by Kadd 467
Hi All !!
 
Hope you're doing good.
 
Not sure this is where i can post this but i can't find another place.
 
I'm currently testing Dataverse secuirty and data access and have problems.
 
Clearly, my account, which is system admin, can see and edit all the table. but when i use my user account (User1) , it doesn't see the tables.
 
What i'm trying to do is this ...
 
under the Root BU i have 2 others, one made for admins who can do everything and another with a Parent Child relationship for the departments.
 
I activated the "Owning Business Unit" feature and i would like, when i set this field to AllDpts BU, all the departments under it to be able to see (read only) all the records of the table.
And if i assign a record to a specific department, only this department can see and edit the record.
 
When i assign my User1 to the Admin BU. i see and can edit everything. This is good.
But when i assign my User1 to AllDpts BU, all the tables disappear. i have access to nothing. 
 
I created a custom role based on Basic User. I called it Basic Test 
 
and set it first at organisation level on my 2 tables, to see what happens.
But even if i change it to Business Unit or Parent Child.... result is the same. User1 cannot see the tables.
 
 
I changed the roles , the levels on the tables, assigned the record to the BU, recreated everything several times... nothing works...
 
 
Would someone have a little bit of time to help me on this ?
 
Thanks a lot in advance
 
Categories:
Microsoft Dataverse with Power Apps
I have the same question (0)
  • Suggested answer
    Haque Profile Picture
    Haque 3,096 on at
    Hi @Kadd,
     
    Yes, probably you are in the right place!! Let's check what's wrong with user1:
     
    The fact that User1 sees and can edit everything when assigned to the Admins BU but sees no tables when assigned to the AllDpts BU strongly suggests a security role or business unit assignment issue for the AllDpts BU.
    Here are the key areas to check and adjust:

    Security Roles Assigned to User1 in AllDpts BU:
    • Verify that User1 has at least one security role assigned in the AllDpts BU that grants read access to the tables. Without appropriate roles, the user will see no tables or data.
    • The roles assigned to Admins BU (like System Administrator) are very permissive, but the roles for AllDpts BU must explicitly include privileges on the tables.
    Role Privileges and Access Levels:
    • Check that the security roles assigned to AllDpts BU users include the necessary privileges (Read, at minimum) on the tables.
    • Ensure the access level for these privileges is set to Business Unit or Parent:Child Business Unit, so users in child BUs (departments) can see the records owned by AllDpts BU.
    User’s Business Unit Assignment:
    • Confirm that User1’s user record is actually assigned to the AllDpts BU in Dataverse. If the user is assigned to a different BU or the root BU, the roles and access may not apply as expected.
    Table and App Access:
    • Ensure the security roles assigned to AllDpts BU users include access to the tables and any model-driven apps or views they use. Lack of app or table access can make tables invisible.
    Testing with Elevated Role:
    • Temporarily assign User1 a known role with broad read access (e.g., Basic User or a custom role with read on all tables) in the AllDpts BU to verify if the issue is role-related.
    Business Unit Hierarchy and Role Scope:
    • Since AllDpts BU is a parent BU with child department BUs, roles with Parent:Child BU scope are needed to allow users in child BUs to see records owned by AllDpts BU.

    At the first place - let's do these troubleshoot and let me know.

     

    I am sure some clues I tried to give. If these clues help to resolve the issue brought you by here, please don't forget to check the box Does this answer your question? At the same time, I am pretty sure you have liked the response!

     

  • Kadd Profile Picture
    Kadd 467 on at
    Hello @Haque,
     
    Thanks a lot for your answer.
     
    I checked everything you mentionned.
     
     
    Security Roles Assigned to User1 in AllDpts BU:
    The user has exactly the same roles than the AllDpts BU (Basic user and Basic Test - which is a copy of Basic User with Parent-Child access on the table). I checked the user, the BU's default team and in the security role members, i added User1 and AllDpts BU...to be sure....
     
    Role Privileges and Access Levels:
     
    I assigned Parent-Child for Create/ Read/ Write, the rest is set to None
     
    User’s Business Unit Assignment:
     
    User1 is Owner or the row where AllDpts BU is part of the Owning business unit
     
     
    Table and App Access:
     
    I don't have a model driven app on the table, i plan on creating a PowerApp. but I create a public view which show exactly what you see at the previous step. but i'm not sure i understand what you mean ...if the seccurity role is set on the table, it has access to the views, isn't it ?
     
    Testing with Elevated Role:
     
    as said it i use system admin or environment maker it works... but it's not what you ask for.
    Basic user is assigner and it doesn't work.
    I tried to pick some other roles and modify them so they include the table but i could not update them
     
    I checked what's happening with the "Tables" section of User1 at every step and result was always the same. Nothing changed, there are no tables visible.
     
    Thanks for your help
     
     
     
     
  • Suggested answer
    Haque Profile Picture
    Haque 3,096 on at
    Hi @Kadd,
     
    "if the seccurity role is set on the table, it has access to the views, isn't it ?" - yes it is and it should be.
     
    Thing seems to be fishy, allow me some times I will try to replicate if I can make a gap. I suspect something is happneing in the parent-child areas.
  • Kadd Profile Picture
    Kadd 467 on at
    Hi @Haque,
     
    Sure, no problem.
     
    thanks a lot for your help.
  • Suggested answer
    11manish Profile Picture
    11manish 2,286 on at
    The issue is not with Business Unit hierarchy but with missing access prerequisites. When User1 is assigned to the AllDpts BU, they likely lack either app access or
     
    the Read privilege on the table, which causes the tables to disappear entirely.
     
    In Dataverse, a user must have at least Read access to a table for it to be visible, and the app must also be shared with them.
     
    To achieve your requirement (AllDpts visible to child BUs, department-specific visibility otherwise), you should configure Read = Parent:Child BU and Write = BU
     
    level in the security role, and ensure the app is shared with the user.
  • Kadd Profile Picture
    Kadd 467 on at
    Hello @11manish,
     
    Thanks for your answer.
     
    There's not application created at the moment. i'm on the table and access configuration.
    But User1 has Read access on the table via AllDpts BU so he should be able to see it....
     
     
    I adapted access to the table as per your recommendation.
     
    Thanks a lot
     
     
  • Kadd Profile Picture
    Kadd 467 on at
    Hello @Haque,
     
    Hope you're doing good.
     
    Just wanted to know if there is any news on your side regarding the test you wanted to do ?
     
    Thanks a lot in advance
  • Suggested answer
    Haque Profile Picture
    Haque 3,096 on at
    Hi @Kadd,
     
    I am sorry and I thought you have over come this stuff. 
    Can you please check If User1 has multiple roles - what are they, also ensure none of them explicitly deny access or override permissions.
     
     
    Also - if you can run a user access diagnostics: Use the Power Platform Admin Center’s "Run diagnostics" feature on User1 in the production environment. This tool synchronizes user info from Microsoft Entra ID and checks for permission, license, and environment access issues. It can reveal hidden problems like missing licenses, group memberships, or role assignments.
     
     
    Reference:
     
     
  • Kadd Profile Picture
    Kadd 467 on at
    Hi @Haque,
     
    well...no. I spent 3 days trying everything i could before creating this post so.... 😅
     
    Since your last message was saying you will give it a try on your side, i waited.
     
     As said, User1 is assigned "Basic user" and has "Basic Test" (which is a copy of "Basic User" as explain in my very first post) through AllDpt BU.
    Since 11Manigh asked the question in a previous post, provided a screenshot of User1 accesses.
     
    So everything is there and i have no idea what's wrong...
     
    Diagnostic gives me this 
     
     
    Thanks a lot for your help
     
     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the April Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Vish WR Profile Picture

Vish WR 899

#2
Valantis Profile Picture

Valantis 571

#3
11manish Profile Picture

11manish 499

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans