Successful Security Setup for Model-Driven Apps

by | Updated January 2, 2020 | Dynamics CRM, Power Platform

Power Apps has empowered us to easily create and build Model-Driven apps. Requiring no heavy coding or experience, you can develop these apps to meet a variety of business needs. And with the recent 2019 release of Dynamics 365 Customer Engagement wave 2, the end-user experience continues to be enhanced with functionality improvements and additions. Building a Model-Driven app is (fairly) simple, but when deploying you must keep security roles and end-user access in mind.

You can choose what users see and access from the ‘My Apps’ page or Customer Engagement home page by giving app-access to specific security roles. Users will have access to apps based on the security roles they’re assigned to. When deploying, there are multiple potential areas that can affect the user’s ability to access part or all of the app. Below, I’ve provided a comprehensive list of common areas to check if the user can’t see the app or access certain parts of it.

1) Security role is not granted access to the app

The most common reason a user can’t see or access the app is that the user doesn’t have a security role with access to the model-driven app. Although you can grant any role to any app, this can get messy. If you give a primary security role access to an app, you are giving everybody assigned that role access to the app. In the scenario of deploying multiple apps, you will find yourself in situations where you want to grant access to the app to selected people, and not everyone. This is where the beauty of the app access role design comes into play and lets you easily control access to apps without modifying your primary security roles.

In security roles, you will notice some roles appear in your list that contain “app access”. You can simply add these app access roles to any user to make the app show in up their app list, and you can remove that security role to make their access to the model-driven app disappear.

App Access

2) User is missing model-driven app privilege in security role

Once your users are assigned the correct security role granting them access to the app they need, you need to make sure that security role is assigned to the Model-Driven app. To do this, navigate to My Apps or Customer Engagement home page and click the ellipses next to the app you’re assigning a security role to. By selecting Manage Roles, a list of all security roles will pop up on the right-hand side. Here is where you select what security roles have access to the selected model-driven app.

Customer Service Hub

Manage Roles

3) Grant access to entities or records in the security role or license

You do not have sufficient privileges to view this record. Contact your system administrator”. This error message can be frustrating for an end-user, so be sure to add necessary entities that are included in your app when managing security roles- and don’t forget about custom entities. These can be found under the Custom Entities tab for a security role.

Security Role - Sales Manager

4) Security role needs access to forms, dashboard, and business process flows in the app

When you’re deciding what forms, dashboards, and business process flows will exist in your model-driven app, make sure your users who will be using the app have the correct security set up to have access to them. Business Process Flows are represented as a custom entity and come with their own set of privileges that can be edited within a security role just like any other system or custom entity. You can specify the privileges in the Business Process Flows tab for a security role.

Key Takeaway: Do your due diligence when setting up security for a Model-Driven app. Make sure your users have appropriate privileges in multiple areas. And if you do run into security issues, run through this non-exhaustive list provided.

If you are looking for more information or have more questions about Model-Driven apps, please reach out to us at Stoneridge Software!


Related Posts


Submit a Comment

Your email address will not be published. Required fields are marked *

Upcoming Events


14jan11:00 am12:00 pmConfab with Stoneridge - Livestream - Looking Forward: Predictions for Technology in 2021

20jan10:00 am10:30 amThe Modern Manufacturer - Demand Forecasting Functionality

27jan12:00 pm12:45 pmFour Keys to Choosing the Best ERP or CRM Solution: Part 1 – Fit

28jan11:00 am12:00 pmConfab with Stoneridge - Livestream - Ask the Experts!


03feb10:00 am10:30 amThe Modern Manufacturer - Enterprise Asset Management

03feb12:00 pm12:45 pmFour Keys to Choosing the Best ERP or CRM Solution: Part 2 – Platform

10feb12:00 pm12:45 pmFour Keys to Choosing the Best ERP or CRM Solution: Part 3 – Implementation Partner

11feb11:00 am12:00 pmConfab with Stoneridge - Livestream - Live Agents, Power Virtual Agents, Omnichannel – Oh My!

16feb12:00 pm12:45 pmFour Keys to Choosing the Best ERP or CRM Solution: Part 4 – Cost

17feb10:00 am10:30 amThe Modern Manufacturer - Machine Maintenance Work Orders

25feb11:00 am12:00 pmConfab with Stoneridge - Livestream - Surfing Through the Dynamics 365 Wave 1 2021 Release

About Stoneridge
Stoneridge Software is a unique Microsoft Gold Partner, with emphasis on partner. With specialties in Microsoft Dynamics 365, Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP and Microsoft Dynamics CRM, we focus on attracting the most knowledgeable experts in the field to our team, and prioritize delivering stellar solutions with maximum impact for your business. At Stoneridge, we are deeply committed to your results. Each engagement is met with a dedicated team, ready to provide thorough, tailored, and expert service. Based in Minnesota, we intentionally “step into your shoes,” wherever you are. We focus on what you care about, and develop trusting, long-term relationships with our clients.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!