Why not delegate the responsibility for assigning Dynamics/PowerApps/CDS security role to people outside of IT to get it closer to the people that actually are using the apps. ( if possible then why not )
Why not have a security role assignments in Dynamics/PowerApps/CDS connected with Microsoft Team Teams usually already created for Superuser, Department or Sales teams, etc.
Why not have these Microsoft Team Teams admin be responsible for automatic give the right Dynamics/Powerapps/CDS data privileges when they assign new Microsoft Teams team member to their Team. ( Sound too good to be true then read below !)
Hiding in plain sight is the possibility to assign Dynamics/Powerapps/CDS Team membership to sync with an Office Group. I know that I can assign a CDS security role to a Dynamics/Powerapps/CDS Team, so when a new member of this team is added, the member automatically gets the same security privileges as the team. The next aha moment for me was that Microsoft Teams uses the Office Group for its member assignment. So if you create a new Microsoft Teams Team, you automatically get an Office Group created behind the scene.
Connecting the dots
- Microsoft Teams uses Office Group for its team member control.
- Office Groups can be used to sync member to a Dynamics/Powerapps/CDS Team
- Dynamics/Powerapps/CDS Team can control which security privilege members have.
See the video demo at the bottom of this post on how to set up it all (almost too easy, peasy lemon squeezy if you ask me) or see step by step guide below.
How to Automate Security Role Assignment With Microsoft Teams
- Open up Dynamics or Powerapps as an Admin and navigate to “Advanced Setting.”
- Click on the Menu down arrow next to Setting in the black top line.
- Select “Security”
- Select “Teams”
- Click “new.”
- Give the new Team a Name, Owning Business unit, and an Administrator. For members of this team to be controlled by Microsoft Teams, select Teams Type = AAD Office Group.
- Fing the Teams Group ID by right-clicking on a Team and select “Get link to team”
- Copy the link and extract the “groupID portion of the URL ( example URL link… highlighted section is the Group ID to copy, https://teams.microsoft.com/l/team/19%3a2674dzxc1a8d4e039a098c758cd94fac%40thread.skype/conversations?groupId=9e4343647-1be9-4b05-b831-9dd222baf563&tenantId=722228bf-86f1-41af-91ab-2d7cd221db47)
- Paste in the Teams Group ID in “Azure AD Object id for a Group” – Press Save. Once saved, relate a Dynamics 365 Securit role / PowerApps CDS security role to the group by clicking “Manage Roles.” Select 1 or more security roles and press “Ok.” Now all setup is done, and automation magic will start.
More Automation of Licensing or Security roles
To do the same just with an Azure AD group see this post: Automate Dynamics/PowerApps Security Role assignment in 2 Easy peasy lemon squeeze steps
To Complete Automation for License assignment, please see this post: Automate Microsoft License assignment as Easy as 1-2-3