Dataverse update security role privileges in bulk

Updating security roles in Dataverse, is an important task for ensuring the security and privacy of your business data. By assigning specific roles and permissions to users, you can control who has access to your data and what they can do with it. Updating security roles in Dataverse can be done in several ways, including using the Dataverse platform, Power Apps, and custom scripts.

There are scenario were the business unit structure changes and we want to make security role amendments in align with the business unit change. Changing the access level to all the entity involved one by one is a painstaking process. What if we can able to automate the changes with the help of our very owned Power Automate.

The ReplacePrivilegesRoleAction is a bound action that can be used to replaces the privilege set of an existing role. The action takes one array parameter as an input named Privileges.

BusinessUnitIdEdm.GuidThe ID of the business unit.
DepthPrivilegeDepthThe depth of the privilege.
PrivilegeIdEdm.GuidThe ID of the privilege.
PrivilegeNameEdm.StringThe name of the privilege.
The privileges items take the following properties.
Basic0Indicates basic privileges.
Local1Indicates local privileges.
Deep2Indicates deep privileges.
Global3Indicates global privileges.
The PrivilegeDepth parameter accepts the below options.

Now we know there is a method to update the security role, how we can make use of it. The security role access matrix are stored in the below structure in Dataverse. Using a FetchXML query we can able to get all the privileges associated with the role.

Now that we know all the privileges that are associated with the role, we can use the above replaceprivilegesroleaction method to update the necessary changes for the role. Beware that when you are forming the array for the privileges to feed to the action, make sure you have all the privileges in that array which includes your new changes and the existing privileges. If you miss any of them it will be removed as part of that action. This action will basically remove and add the privileges.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s