Recently, I encountered a requirement to establish a Business Unit (BU) organization structure within Dataverse using Power Automate. The structure and user information were provided through external data sources, specifically the HRM system (Afas). Once the structure was set up, my task involved linking each user to their respective Business Unit’s primary team. This integration allowed for centralized management of the business structure, users, and roles within the HRM system.
However, I faced challenges when it came to automatically granting users a security role to access the application. I experimented with various methods, such as Azure group permissions, but eventually found success by assigning a role to a team.
In our implementation, we follow the Dataverse security model, which allows for record ownership between different Business Units.
To assign a role to a team within Dataverse, the following steps can be followed:
- Establish a relationship between the team and the desired role:
To locate the relevant team associated with a specific business unit in Dataverse, you can utilize the “List rows” action. Apply a filter based on the business unit using the following format:
(_businessunitid_value eq 4b62be95-8bc8-ed11-b597-000d3a64a0aa)
In order to obtain the GUID of the role to which the team may be assigned, you’ll need to search for it within Dataverse. Apply the filter:
(_businessunitid_value eq <BU GUID> and name eq 'XX - Basic user')
It’s crucial to specify both the Role Name and the desired Business Unit since a unique role is defined for each business unit.
To establish a relationship, make an OData call to the GUID of the related role. An example of such a call would be:
https://xx-dev.crm4.dynamics.com/api/data/v9.1/roles(5b9758f1-d84d-4b5f-9255-94cbf4ec3e44)
