Updating security roles in Dataverse, is an important task for ensuring the security and privacy of your business data. By assigning specific roles and permissions to users, you can control who has access to your data and what they can do with it. Updating security roles in Dataverse can be done in several ways, including using the Dataverse platform, Power Apps, and custom scripts.
There are scenario were the business unit structure changes and we want to make security role amendments in align with the business unit change. Changing the access level to all the entity involved one by one is a painstaking process. What if we can able to automate the changes with the help of our very owned Power Automate.
The ReplacePrivilegesRoleAction is a bound action that can be used to replaces the privilege set of an existing role. The action takes one array parameter as an input named Privileges.
|BusinessUnitId||Edm.Guid||The ID of the business unit.|
|Depth||PrivilegeDepth||The depth of the privilege.|
|PrivilegeId||Edm.Guid||The ID of the privilege.|
|PrivilegeName||Edm.String||The name of the privilege.|
|Basic||0||Indicates basic privileges.|
|Local||1||Indicates local privileges.|
|Deep||2||Indicates deep privileges.|
|Global||3||Indicates global privileges.|
Now we know there is a method to update the security role, how we can make use of it. The security role access matrix are stored in the below structure in Dataverse. Using a FetchXML query we can able to get all the privileges associated with the role.
Now that we know all the privileges that are associated with the role, we can use the above replaceprivilegesroleaction method to update the necessary changes for the role. Beware that when you are forming the array for the privileges to feed to the action, make sure you have all the privileges in that array which includes your new changes and the existing privileges. If you miss any of them it will be removed as part of that action. This action will basically remove and add the privileges.