Sharing in Microsoft Dynamics 365 is a basic feature that helps to manage the visibility and access of records among users. It’s a primary Notion that holds significance especially when the exam “PL-200 Microsoft Power Platform Functional Consultant” is under consideration. Managing sharing encompasses many functionalities like creating and maintaining sharing rules, manual sharing and managing inherited access.
I. Sharing Rules
Sharing rules form the backbone of the record accessibility and visibility system. They decide who can access a record, whether they can edit, delete, or only view the record.
For example, let’s assume an organization has a custom entity, “Project”. The organization wants all its employees to have access to all the records in the Project entity. The organization can achieve this by setting up a sharing rule that grants read access to all the users for all the records in the Project entity.
Here is how you can define a sharing rule:
- Go to ‘Settings’ > ‘Security’ > ‘Sharing Settings’.
- Under ‘Sharing Settings’, click on ‘New’.
- In the New Sharing Settings form, define the rule. Set the entity as ‘Project’, set the user or team that will be granted access, and set the level of access (Read, Write, Delete, Append, Append To).
- Click on ‘Save’.
II. Manual Sharing
The users or teams can share records they have access to with other users or teams, as sharing rules alone may not be adequate in every scenario. Manual sharing gives users the flexibility to share a select record with a particular user or team.
For example, in our previous Project entity scenario, say a user wants to share a select Project record with a specific team for their input. The user can manually share the record with the Team, granting them the necessary level of access.
Here is how a user can manually share a record:
- Open the record the user wishes to share.
- Click on the ‘…’ for more options and then click ‘Share’.
- In the ‘Share’ form, click on ‘Add User/Team’, look for the user or team you want to share the record with, specify the level of access and click on ‘Share’.
III. Managing Inherited Access
Inherited access refers to access rights received because of the user’s association with a business unit, team, or role. In Dynamics 365, inherited access can be viewed, however, it cannot be modified or removed directly.
For example, if a user has read access to the Project entity because of his role in the organization, this forms the user’s inherited access. This access cannot be removed unless the user’s role access level changes or the user moves into a different team or business unit.
To view the inherited access for a record,
- Open the record for which you wish to see the inherited access.
- Click on ‘…’ and then ‘Sharing’.
- Here, you can see all the directly shared access and the inherited access. Inherited access will be denoted by the ‘Inherited’ label.
The management of sharing in Microsoft’s Power Platform is hence, a simple yet essential concept for any Dynamics 365 users or Functional Consultants. Learning how to manage sharing effectively not only helps to regulate and control the visibility and access of records but also aids in maintaining the security of the data.
Practice Test
T/F: In Microsoft Power Platform, you can only share an app with an individual user.
- True
- False
Answer: False
Explanation: Microsoft Power Platform allows you to share an app with individual users, security groups, distribution lists, or everyone in your organization.
Multiple Select: Which of the following groups can an app be shared with in Microsoft Power Platform?
- a) Users
- b) Distribution Lists
- c) External Groups
- d) Security Groups
Answer: a) Users, b) Distribution Lists, d) Security Groups
Explanation: You can share an app with individual users, security groups, and distribution lists. However, sharing with external groups is not supported.
T/F: Microsoft Power Platform allows you to manage sharing in a granular level.
- True
- False
Answer: True
Explanation: Microsoft Power Platform allows you to specify the sharing level for each user, security group, or distribution list.
Single Select: When you share an app, what permissions can you assign to a user?
- a) Read
- b) Write
- c) Co-owner
- d) All of the above
Answer: d) All of the above
Explanation: Microsoft Power Platform support Read, Write, and Co-owner permissions when sharing an app.
T/F: App sharing permissions are hierarchical, which means higher-level permissions include all rights of the lower-level ones.
- True
- False
Answer: True
Explanation: For instance, Write permission includes Read rights, and Co-owner includes both Read and Write rights.
Multiple Select: Which of the following are required when sharing a canvas app?
- a) Sharing the app
- b) Sharing the database
- c) Sharing the flow
- d) Sharing the connector
Answer: a) Sharing the app, b) Sharing the database, c) Sharing the flow
Explanation: Sharing a canvas app requires you to share the app itself, the database and flow that the app uses.
Single Select: What option should you use to share an app with all members in your organization?
- a) Everyone
- b) All users
- c) Organization
- d) Share with all
Answer: a) Everyone
Explanation: To share an app with all members in your organization, you need to use the ‘Everyone’ option.
T/F: All users, to whom the app is shared, should have appropriate data source permissions.
- True
- False
Answer: True
Explanation: Even if the app is shared with users, those users must have the proper permissions for the connected data source.
Single Select: What permission level allows the user to edit and delete the app?
- a) Read
- b) Write
- c) Co-owner
- d) Share
Answer: c) Co-owner
Explanation: The Co-owner permission level allows a user to edit and delete the app.
T/F: In Microsoft Power Automate, you can share a flow by adding users or groups.
- True
- False
Answer: True
Explanation: Similar to app sharing in Power Apps, you can share flows in Power Automate by adding users or groups.
Multiple Select: What are the minimum permissions required for sharing an app?
- a) The app
- b) Data sources
- c) All the connected services
- d) User
Answer: a) The app, b) Data sources
Explanation: To share an app, at a minimum, the app itself and its data sources must be shared.
T/F: In Power Apps, it’s not possible to share a model-driven app’s sitemap separately.
- True
- False
Answer: True
Explanation: Sharing a sitemap separately is not possible. The sitemap is part of the model-driven app and is shared when the app is shared.
Single Select: Who has the permission to share Power BI dashboard or reports?
- a) Admin
- b) Owner
- c) Creator
- d) User
Answer: b) Owner
Explanation: The owner of a Power BI dashboard or report has permission to share that content with others.
T/F: Microsoft Power Platform doesn’t allow sharing with dynamic security groups.
- True
- False
Answer: False
Explanation: Microsoft Power Platform supports sharing with dynamic security groups in addition to users, security groups, and distribution lists.
Multiple Select: In Power BI, what can be shared?
- a) Reports
- b) Dashboards
- c) Datasets
- d) Flows
Answer: a) Reports, b) Dashboards, c) Datasets
Explanation: In Power BI, reports, dashboards and datasets can be shared. However, flows are part of Power Automate and are not shareable in Power BI.
Interview Questions
What is the primary purpose of managing sharing in Microsoft Power Platform?
The primary purpose of managing sharing in Microsoft Power Platform is to control users’ access to data in your organization and ensure they only have access to the data that they need to perform their jobs.
How can you share a canvas app in Power Apps?
To share a canvas app, go to Power Apps, select the App you want to share, and then click on the Share button. This will allow you to add users or groups and specify what level of access they should have.
What can you do with the Admin center in Microsoft Power Platform?
The Admin center in Microsoft Power Platform allows you to manage environments, data policies, and other settings. It helps with user management, provisioning resources, setting up data loss prevention policies, and more.
What does “co-owner” access level mean when sharing a flow in Power Automate?
The “co-owner” access level means that the user will be able to edit and manage the flow as if they were its creator. They can add or remove other owners and can even delete the flow if necessary.
What is data loss prevention (DLP) policy and how does it relate to managing sharing in Microsoft Power Platform?
A data loss prevention (DLP) policy is a strategy for ensuring that sensitive data is not sent outside the corporate network. It defines which connectors can access business data in Power Apps, Power BI, and Power Automate, ensuring data security when sharing data across various platforms.
How can you share a Power BI dashboard?
To share a Power BI dashboard, open the dashboard you want to share, click the Share button at the top of the dashboard, and then add the email addresses of the people you want to share with.
How can you restrict data access in a Power App?
Data access in a Power App can be restricted by defining a role-based security model where each role has specific access rights to the data.
Can you share a Power Automate flow with users outside of your organization?
No, only users with a work or school account in the same organization can be given access to your flow.
What is the purpose of the “environment” in Microsoft Power Platform?
An environment in Microsoft Power Platform is a space to store, manage, and share your organization’s business data, apps, and flows.
Can a Power BI report be shared with external users?
Yes, external sharing in Power BI is possible, but it requires Azure AD B2B. Another way to share with external users is by publishing the report to web, but this has significant considerations for data privacy and security.
Can you share an individual Power Automate flow with an entire security group?
Yes, in Power Automate, you can share a flow with an entire security group. This grants all users in the group the same permissions for that flow.
How can a Data Loss Prevention policy be enforced while sharing PowerApps Inside the organization?
The DLP policy can be enforced by classifying data into business and non-business data and by setting policies that dictate what kind of data can be shared with whom.
How can you manage who has access to a specific environment in Power Platform?
You can specify who has access to a certain environment in Power Platform by modifying the user’s roles in the Admin Center.
Who can edit a flow that has been shared with them as a run-only user in Power Automate?
Run-only users cannot edit a flow. They can only run the flow with their own credentials.
Can users without a Power Apps license run apps that have been shared with them?
No, users need to have either a Power Apps per app or per user license assigned to them to be able to run apps.