Intro:
In Dataverse, managing record permissions is crucial for maintaining data security and integrity. Similar to file system permissions, Dataverse uses a structured approach to define who can access and modify records.
𝐎𝐰𝐧𝐞𝐫𝐬𝐡𝐢𝐩:
Every record in Dataverse is assigned three types of ownership:
🔹 Owner 👤 : The owner is the user who created the record or to whom the record has been assigned. Owners have full control over their records.
🔹 Team 👥 : A team can consist of multiple users. All members of the team have the same permissions to access and manage the record. Teams are useful for collaborative environments.
🔹 Organization 🌐: This refers to all users within the organization. Permissions can be set at the organization level to allow broader access to records.
𝐏𝐞𝐫𝐦𝐢𝐬𝐬𝐢𝐨𝐧𝐬
Dataverse permissions are defined through security roles, which determine what actions users can perform on records:
🔹 Create: Allows users to create new records.
🔹 Read: Allows users to view records.
🔹 Write: Allows users to modify the content of records.
🔹 Delete: Allows users to remove records.
🔹 Append: Allows users to associate the current record with another record.
🔹 Append To: Allows users to associate another record with the current record.
🔹 Assign: Allows users to change the owner of a record.
🔹 Share: Allows users to share records with other users or teams, specifying the level of access (read, write, delete).
The access mask rights in the platform are as below.
When a user shares a record in Dataverse with another user (User B in the example below) and grants specific permissions such as Read, Write, and Append, the access rights are recorded as a combination of bitwise values. Each permission corresponds to a specific bit value, and the bitwise OR of those values gives the overall access mask.
Dataverse uses the PrincipalObjectAccess table to store sharing information. When a record is shared, an entry is created in this table with the following key fields:
🔹 PrincipalId: The ID of the user or team with whom the record is shared (User B in this example).
🔹 ObjectId: The ID of the record being shared.
🔹 AccessRightsMask: The combined bit value representing the granted permissions (7 in this example: Read = 1, Write = 2, Append = 4).
Detailed access mask rights values are as below:
| Read | Write | Append | AppendTo | Share | Value of Access Mask Rights |
|---|---|---|---|---|---|
| Yes | Yes | Yes | Yes | Yes | 262167 |
| Yes | Yes | Yes | Yes | No | 23 |
| Yes | Yes | Yes | No | Yes | 262151 |
| Yes | Yes | Yes | No | No | 7 |
| Yes | Yes | No | Yes | Yes | 262163 |
| Yes | Yes | No | Yes | No | 19 |
| Yes | Yes | No | No | Yes | 262147 |
| Yes | Yes | No | No | No | 3 |
| Yes | No | Yes | Yes | Yes | 262165 |
| Yes | No | Yes | Yes | No | 21 |
| Yes | No | Yes | No | Yes | 262149 |
| Yes | No | Yes | No | No | 5 |
| Yes | No | No | Yes | Yes | 262161 |
| Yes | No | No | Yes | No | 17 |
| Yes | No | No | No | Yes | 262145 |
| Yes | No | No | No | No | 1 |
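The following is an added example (not code from the original post or from Microsoft) that encodes and decodes AccessRightsMask values using the bit values behind the table above, and then audits a few constructed PrincipalObjectAccess rows for shares that grant more than a plain collaborator needs. The Read, Write, Append, AppendTo and Share values are taken from the table; Create, Delete and Assign are the remaining members of the platform's AccessRights enumeration and are not shown in the table. The sample rows and the "elevated rights" policy are assumptions for illustration.

```python
from enum import IntFlag


class AccessRights(IntFlag):
    """Bit values stored in PrincipalObjectAccess.AccessRightsMask.

    READ..SHARE are derived from the table above; CREATE, DELETE and
    ASSIGN come from the platform's AccessRights enumeration (not in the table).
    """
    NONE = 0
    READ = 1
    WRITE = 2
    APPEND = 4
    APPEND_TO = 16
    CREATE = 32
    DELETE = 65536
    SHARE = 262144
    ASSIGN = 524288


def encode_mask(*rights: AccessRights) -> int:
    """Combine individual rights into the integer stored in AccessRightsMask."""
    mask = AccessRights.NONE
    for right in rights:
        mask |= right
    return int(mask)


def decode_mask(mask: int) -> list[str]:
    """List the right names present in a mask, in bit order (NONE is skipped)."""
    return [right.name for right in AccessRights if right and mask & right]


def table_value(read, write, append, append_to, share) -> int:
    """Reproduce one row of the table above from its Yes/No columns."""
    columns = (AccessRights.READ, AccessRights.WRITE, AccessRights.APPEND,
               AccessRights.APPEND_TO, AccessRights.SHARE)
    flags = (read, write, append, append_to, share)
    return encode_mask(*(col for on, col in zip(flags, columns) if on))


# Constructed sample rows standing in for PrincipalObjectAccess records (assumed).
SAMPLE_SHARES = [
    {"PrincipalId": "user-b", "ObjectId": "account-001", "AccessRightsMask": 7},
    {"PrincipalId": "team-sales", "ObjectId": "account-002", "AccessRightsMask": 262167},
    {"PrincipalId": "user-c", "ObjectId": "account-003", "AccessRightsMask": 65539},
]

# Assumed least-privilege policy: a share should not re-share, delete or reassign.
ELEVATED = AccessRights.SHARE | AccessRights.DELETE | AccessRights.ASSIGN


def audit_shares(rows, elevated=ELEVATED):
    """Return (principal, record, [excess rights]) for every share exceeding the policy."""
    findings = []
    for row in rows:
        excess = row["AccessRightsMask"] & elevated
        if excess:
            findings.append((row["PrincipalId"], row["ObjectId"], decode_mask(excess)))
    return findings
```

Running audit_shares over the sample rows flags the team-sales share for carrying Share and the user-c share for carrying Delete, which is the kind of check a periodic sharing review can automate.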
𝐁𝐞𝐬𝐭 𝐏𝐫𝐚𝐜𝐭𝐢𝐜𝐞𝐬
When configuring permissions in Dataverse, consider the following best practices:
🔹 Least Privilege: Grant users the minimum permissions necessary to perform their tasks. This reduces the risk of unauthorized access and data breaches.
🔹 Training: Educate users on the importance of data security and proper use of permissions to foster a culture of responsibility.
🔹 Regular Audits: Periodically review and update security roles and sharing settings to ensure they align with current business needs and compliance requirements.
Further Read: