Creating and managing security roles is a critical aspect of the PL-200 Microsoft Power Platform Functional Consultant exam. It provides the opportunity to control to what extent different personnel within an organization can access, manage, and operate the different modules and data within Microsoft Power Platform.

Table of Contents

I. Understanding Security Roles

Security roles in Microsoft Power Platform refer to the settings that control access to data for different classes of users. The permissions can be configured to offer different access to different users according to their roles in the organization. For instance, a sales representative may only have the rights to view and update their leads and opportunities but not others, whereas, a sales manager may have the rights to view and update all the leads and opportunities of the team.

II. Creating Security Roles

Create a new security role by following these steps:

  1. Navigate to the Power Platform admin center.
  2. Select an environment and then select ‘Settings’.
  3. Under ‘Users + permissions’, select ‘Security roles’.
  4. In the command bar, select ‘New’.
  5. Enter the new role’s name and description, then save.

While creating a security role, you assign permissions to that role. The various permissions are grouped together as per the functionality they offer. You can assign the below access levels for each entity to a role that you are creating:

  • Create: Controls the ability to create records.
  • Read: Controls the ability to read records.
  • Write: Controls the ability to change records.
  • Delete: Controls the ability to delete records.
  • Append: Controls the ability to associate records.
  • AppendTo: Controls whether records can be appended to the selected type.
  • Assign: Controls whether records can be assigned to users or teams.
  • Share: Controls whether records can be shared with others users or teams.

III. Managing Security Roles

Managing security roles essentially means modifying the permissions given to a security role or deleting the security role altogether. For editing a security role, go back to ‘Security roles’ under ‘Users + permissions’, select the role in question, and modify or add the permissions as per requirement.

As a cautionary note, be careful while deleting a security role as any user or team with that role may lose the respective access rights.

IV. Cloning security roles

Often, some roles may differ only slightly from others. In such cases, it’s beneficial to clone an existing security role and modify it as per requirement, saving effort and ensuring consistency. To clone a role, select the security role you wish to clone and then select ‘Clone a Role’ from the command bar.

Securing your data is an important responsibility, and effectively managing security roles in Microsoft Power Platform can lead to better data governance. Understanding how to create, modify, delete, and clone security roles will lead to more efficient management of your organization’s resources, making it an essential skill for aspiring Microsoft Power Platform Functional Consultants.

Practice Test

True or False: User-level security roles cannot be customized in Microsoft Power Platform.

  • True
  • False

Answer: False

Explanation: In Microsoft Power Platform, administrators have the ability to customize and create user-level security roles according to the needs of the organization.

Which of the following can you apply a security role to in Microsoft Power Platform?

  • A) Dashboard
  • B) Business Unit
  • C) Environment
  • D) App

Answer: B. Business Unit

Explanation: Security roles in Microsoft Power Platform can be applied to Business Units. Dashboards, environments, and apps inherit their security permissions from the business unit and user that they belong.

True or False: A custom security role in Power Platform can only be accessed by a single user.

  • True
  • False

Answer: False

Explanation: Custom security roles in the Power Platform can be assigned to multiple users and can be managed accordingly.

What are the core components when setting up a security role in Microsoft Power Platform?

  • A) Privileges and Code
  • B) Access Levels and Record Types
  • C) Code and Access Levels
  • D) Labels and Privileges

Answer: B. Access Levels and Record Types

Explanation: The core components when setting up a security role are access levels and record types, these together define the permissions a user or group has.

What are the different levels of access that can be set in a security role in Microsoft Power Platform?

  • A) User level, Business Unit Level, Parent-Child Level, Top Level
  • B) User level, Organization Level, Parent-Child Level, Top Level
  • C) User level, Business Unit Level, Organization Level, Top Level
  • D) User level, Business Unit Level, Parent-Child Business Unit Level, Organization Level

Answer: D. User level, Business Unit Level, Parent-Child Business Unit Level, Organization Level

Explanation: These are the four levels of access that can be set for any individual privilege in a security role.

The privilege to create and manage security roles in Microsoft Power Platform comes under which tab in the Security Role form?

Answer: Business Management Tab

Explanation: Under the Business Management tab, we can set privileges related to administration, including the creation and management of security roles.

When a user has roles from multiple business units. Which security roles are applicable?

  • A) The roles from all the business units are merged and applied.
  • B) Only the roles from the eldest business unit in the hierarchy are applied.
  • C) Only the roles from the youngest business unit in the hierarchy are applied.
  • D) The roles from their primary business unit are applied.

Answer: A. The roles from all the business units are merged and applied.

Explanation: When a user is assigned roles from multiple business units, the combined privileges of all these roles are applicable.

True or False: Removing a user from a Security Role will delete all the data that was created by that user.

  • True
  • False

Answer: False

Explanation: Removing a user from a role only changes their access rights. The data created by them is not deleted unless specifically done so.

Which is the highest level of access in Microsoft Power Platform?

  • A) Global/Organization Level
  • B) Business Unit Level
  • C) Parent-Child Business Unit Level
  • D) User Level

Answer: A. Global/Organization Level

Explanation: The Global or Organization level of access grants the widest range of access, making it the highest level.

True or False: Administrators can grant, modify, or revoke privileges for a user within a security role.

  • True
  • False

Answer: True

Explanation: Administrators in Microsoft Power Platform can manage the privileges of a user within a security role. This includes the ability to grant, modify or revoke privileges.

Interview Questions

What is the primary purpose of a security role in the Microsoft Power Platform?

The primary purpose of a security role is to control the level of access a user or a group of users has within an organization’s system. It dictates what actions can be performed, which data can be viewed and modified, and what parts of the system can be accessed.

How many security roles can be assigned to a single user in Microsoft Power Platform?

A single user can be assigned multiple security roles in Microsoft Power Platform. This gives the user the combined permissions of all the assigned roles.

What are the four levels of record-level privileges available in the Microsoft Power Platform?

The four levels are: Basic (pertains to the user’s records), Local (pertains to user’s and user’s teams’ records), Deep (pertains to user’s, user’s teams’, and user’s subordinates’ records), and Global (pertains to all records in the organization).

Is it possible to update a managed security role in Microsoft Power Platform?

No, managed security roles cannot be updated. These are read-only and any modifications are not allowed.

Which tab in the Security Role configuration allows you to specify how much access to give the role for each entity?

The “Core Records” and “Custom Entities” tabs in the Security Role configuration allow you to specify the access level for each entity.

What is the highest level of privilege that can be granted to a Security Role in Microsoft Power Platform?

The highest level of privilege that can be granted to a Security Role is the “Organization” level privilege.

Can you clone a security role in Microsoft Power Platform?

Yes, a security role can be cloned in Microsoft Power Platform. This is often done to create a new role with similar privileges to an existing role.

Can you delete a security role if it is being used by a user in the Microsoft Power Platform?

No, you cannot delete a security role if it is being used by a user. You must first remove the role from all users and teams before you can delete it.

If a user has more than one security role, what would the access level be?

If a user has more than one security role, the access level would be the sum of all the user’s roles. The user will have every privilege that is granted by each of the roles assigned to them.

What is the function of miscellaneous privileges in the security role settings of Microsoft Power Platform?

Miscellaneous privileges handle access to more indirect features such as the ability to publish to Power BI, or use the Dynamics 365 mobile app. These are specified in the “Business Management” tab of the security role configuration.

What happens if a user does not have a security role assigned in Microsoft Power Platform?

If a user doesn’t have any security role assigned, they will not be able to log in or access any data in the application.

Can a security role in Microsoft Power Platform be replaced by another security role?

Yes, a security role can be replaced by another one by removing the user from the first role and then adding them to the other role.

What are access levels in Microsoft Power Platform security roles?

Access levels are a part of the security privileges and they determine the extent of access for an entity that a role provides. They range from user level access to organization wide access.

Can you create a new security role from scratch in Microsoft Power Platform?

Yes. Apart from cloning existing roles, Microsoft Power Platform allows you to create new security roles from scratch to cater to the diverse needs of users or departments.

What is the “Check Access” feature in Microsoft Power Platform?

The “Check Access” feature helps to test and understand the level of access a user has to a specific record. It shows what rights are coming from which security roles and teams.

Leave a Reply

Your email address will not be published. Required fields are marked *