Successful Security Setup for Model-Driven Apps

by | Updated January 2, 2020 | Dynamics CRM, Power Platform

Power Apps has empowered us to easily create and build Model-Driven apps. Requiring no heavy coding or experience, you can develop these apps to meet a variety of business needs. And with the recent 2019 release of Dynamics 365 Customer Engagement wave 2, the end-user experience continues to be enhanced with functionality improvements and additions. Building a Model-Driven app is (fairly) simple, but when deploying you must keep security roles and end-user access in mind.

You can choose what users see and access from the ‘My Apps’ page or Customer Engagement home page by giving app-access to specific security roles. Users will have access to apps based on the security roles they’re assigned to. When deploying, there are multiple potential areas that can affect the user’s ability to access part or all of the app. Below, I’ve provided a comprehensive list of common areas to check if the user can’t see the app or access certain parts of it.

1) Security role is not granted access to the app

The most common reason a user can’t see or access the app is that the user doesn’t have a security role with access to the model-driven app. Although you can grant any role to any app, this can get messy. If you give a primary security role access to an app, you are giving everybody assigned that role access to the app. In the scenario of deploying multiple apps, you will find yourself in situations where you want to grant access to the app to selected people, and not everyone. This is where the beauty of the app access role design comes into play and lets you easily control access to apps without modifying your primary security roles.

In security roles, you will notice some roles appear in your list that contain “app access”. You can simply add these app access roles to any user to make the app show in up their app list, and you can remove that security role to make their access to the model-driven app disappear.

App Access

2) User is missing model-driven app privilege in security role

Once your users are assigned the correct security role granting them access to the app they need, you need to make sure that security role is assigned to the Model-Driven app. To do this, navigate to My Apps or Customer Engagement home page and click the ellipses next to the app you’re assigning a security role to. By selecting Manage Roles, a list of all security roles will pop up on the right-hand side. Here is where you select what security roles have access to the selected model-driven app.

Customer Service Hub

Manage Roles

3) Grant access to entities or records in the security role or license

You do not have sufficient privileges to view this record. Contact your system administrator”. This error message can be frustrating for an end-user, so be sure to add necessary entities that are included in your app when managing security roles- and don’t forget about custom entities. These can be found under the Custom Entities tab for a security role.

Security Role - Sales Manager

4) Security role needs access to forms, dashboard, and business process flows in the app

When you’re deciding what forms, dashboards, and business process flows will exist in your model-driven app, make sure your users who will be using the app have the correct security set up to have access to them. Business Process Flows are represented as a custom entity and come with their own set of privileges that can be edited within a security role just like any other system or custom entity. You can specify the privileges in the Business Process Flows tab for a security role.

Key Takeaway: Do your due diligence when setting up security for a Model-Driven app. Make sure your users have appropriate privileges in multiple areas. And if you do run into security issues, run through this non-exhaustive list provided.

If you are looking for more information or have more questions about Model-Driven apps, please reach out to us at Stoneridge Software!


Related Posts


Submit a Comment

Your email address will not be published. Required fields are marked *

Upcoming Events


07oct12:00 pm1:00 pmThe Three Paths to Business Central from Dynamics GP

08oct11:00 am12:00 pmConfab with Stoneridge - Livestream - The Vision and Strategy of Microsoft Business Systems

14oct10:00 am10:30 amThe Modern Manufacturer - Managing Complex Cost Modeling

14oct12:00 pm12:30 pmGenerating Custom Inspection or Process Forms

19octAll Day22Stoneridge Connect Fall 2020

22oct11:00 am12:00 pmConfab with Stoneridge - Livestream - Stoneridge Connect Recap

28oct10:00 am10:30 amThe Modern Manufacturer - Engineering Change Management: Introduction of NEW Functionality for Manufacturers Using Dynamics 365


11nov10:00 am10:30 amThe Modern Manufacturer - Tears and Trauma of MRP

About Stoneridge
Stoneridge Software is a unique Microsoft Gold Partner, with emphasis on partner. With specialties in Microsoft Dynamics 365, Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP and Microsoft Dynamics CRM, we focus on attracting the most knowledgeable experts in the field to our team, and prioritize delivering stellar solutions with maximum impact for your business. At Stoneridge, we are deeply committed to your results. Each engagement is met with a dedicated team, ready to provide thorough, tailored, and expert service. Based in Minnesota, we intentionally “step into your shoes,” wherever you are. We focus on what you care about, and develop trusting, long-term relationships with our clients.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!