security

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Skill: Dataverse Security Model

Skill：Dataverse安全模型

When to Use

适用场景

Trigger when designing security roles, field-level security, row-level access, team structures, business unit hierarchies, or any access control design for Dataverse/Power Platform solutions.

当为Dataverse/Power Platform解决方案设计安全角色、字段级安全、行级访问、团队结构、业务单元层级或任何访问控制设计时触发。

Security Model Overview

安全模型概述

Entra ID (Authentication)
  └── Confirms identity ("who are you?")

Dataverse Security (Authorization)
  ├── Security Roles          → Table-level CRUD + access depth
  ├── Column Security         → Field-level read/update control
  ├── Row-Level Security      → Record ownership + sharing
  ├── Business Units          → Organizational hierarchy
  ├── Teams                   → Group-based access
  └── Hierarchy Security      → Manager/position chain visibility

Entra ID（身份验证）
  └── 确认身份（"你是谁？"）

Dataverse安全（授权）
  ├── 安全角色          → 表级CRUD + 访问深度
  ├── 列安全           → 字段级读取/更新控制
  ├── 行级安全          → 记录所有权 + 共享
  ├── 业务单元          → 组织层级
  ├── 团队                   → 基于组的访问
  └── 层级安全          → 管理者/职位链可见性

⚠️ REQUIRED: Load Sub-Files Before Implementation

⚠️ 实施前必须加载子文件

SKILL.md is a summary only — it is NOT sufficient for implementation.

The detailed content (complete payloads, XML templates, working examples, edge-case handling) lives in sub-files in the same directory as this SKILL.md. Before writing any code, you MUST use

read_file

on the sub-files relevant to your task:

Roles & Privileges — Access levels (User/BU/Parent:Child/Org), privileges (CRUD + Append/AppendTo/Assign/Share), standard role patterns, minimum viable privileges
Row & Column Security — Column security profiles, field permissions, row-level patterns (ownership, sharing, hierarchy)
Business Units & Teams — BU hierarchy design, owner teams, access teams, Azure AD Group Teams, record sharing (GrantAccess/RevokeAccess)
Web API Management — Security role CRUD via Web API, privilege queries, role assignment to users/teams, field security profile management

SKILL.md仅为摘要——不足以支撑实施工作。

详细内容（完整负载、XML模板、可用示例、边缘情况处理）位于此SKILL.md所在同一目录的子文件中。在编写任何代码之前，必须对与任务相关的子文件使用

read_file

：

角色与权限 —— 访问级别（用户/业务单元/父级:子级/组织）、权限（CRUD + 追加/追加至/分配/共享）、标准角色模式、最小必要权限
行与列安全 —— 列安全配置文件、字段权限、行级模式（所有权、共享、层级）
业务单元与团队 —— 业务单元层级设计、所有者团队、访问团队、Azure AD组团队、记录共享（GrantAccess/RevokeAccess）
Web API管理 —— 通过Web API进行安全角色CRUD、权限查询、为用户/团队分配角色、字段安全配置文件管理

Security Design Checklist

安全设计检查表

markdown

undefined

markdown

undefined

Security Model Design: [Solution Name]

安全模型设计：[解决方案名称]

Tables & Access Matrix

表与访问矩阵

Table	App Admin	App Manager	App User	App Reader
contoso_project	Org CRUD	BU CRUD	User CRW	Org R
contoso_task	Org CRUD	BU CRUD	User CRUD	Org R
contoso_resource	Org CRUD	BU R	User R	Org R

表	应用管理员	应用经理	应用用户	应用读者
contoso_project	组织级CRUD	业务单元级CRUD	用户级CRW	组织级读取
contoso_task	组织级CRUD	业务单元级CRUD	用户级CRUD	组织级读取
contoso_resource	组织级CRUD	业务单元级读取	用户级读取	组织级读取

Column Security

列安全

Table	Column	Who Can Read	Who Can Update
contoso_project	contoso_budget	Finance Team, App Admin	Finance Team
contact	contoso_salary	HR Team	HR Team

表	列	可读取角色	可更新角色
contoso_project	contoso_budget	财务团队、应用管理员	财务团队
contact	contoso_salary	HR团队	HR团队

Validation

验证

Test as each role — verify CRUD boundaries
Test cross-BU access — verify isolation
Test column security — verify restricted fields masked
Test with no roles — verify access denied
Verify lookup target tables have Read access
Verify AppendTo on lookup target tables

---

以每个角色测试——验证CRUD边界
测试跨业务单元访问——验证隔离性
测试列安全——验证受限字段已被屏蔽
无角色测试——验证访问被拒绝
验证查找目标表具有读取权限
验证查找目标表的AppendTo权限

---

Power Pages Table Permissions Audit

Power Pages表权限审计

When auditing table permissions for a Power Pages site, run these 7 check categories:

Missing Permissions (Critical) — Table used in code but no permission exists (403)
Overly Broad Scope (Warning) — Global scope with write/delete enabled
Missing Append/AppendTo (Critical) — Tables with lookups need append on source, appendto on target
Orphaned Permissions (Info) — Permission exists but table not used in code
Missing Web Role Association (Warning) — Permission without web role has no effect
Parent Chain Integrity (Critical) — Parent scope with broken parent reference grants no access
CRUD Excess (Warning) — More privileges than code uses (principle of least privilege)

在审计Power Pages站点的表权限时，运行以下7类检查：

缺失权限（严重）——代码中使用的表但无对应权限（403错误）
范围过宽（警告）——全局范围启用了写入/删除权限
缺失Append/AppendTo权限（严重）——带有查找的表需要源表的追加权限和目标表的追加至权限
孤立权限（信息）——权限存在但代码中未使用对应表
缺失Web角色关联（警告）——未关联Web角色的权限无效
父链完整性（严重）——父范围存在损坏的父引用会导致无权限
CRUD权限过剩（警告）——权限超出代码所需（最小权限原则）

Anti-Patterns

反模式

Giving users System Administrator role ("just make it work")
Single security role for all users (no least-privilege)
Not testing access as each role type
Missing AppendTo on lookup target tables (causes confusing save errors)
Not scoping environment variables/connection references with appropriate read access
Creating security roles in root BU when they should be BU-scoped
Over-sharing records (share individually instead of using teams)
Not using Azure AD Group Teams when Entra ID groups already exist
Column security without a clear policy (inconsistent protection)
Cascade delete configured without considering security implications
Org-owned tables when row-level isolation is needed
Using hierarchy security without clear organizational structure

为用户分配系统管理员角色（"先让它能用就行"）
所有用户使用单一安全角色（未遵循最小权限原则）
未以每种角色类型测试访问权限
查找目标表缺失AppendTo权限（导致令人困惑的保存错误）
未为环境变量/连接引用配置适当的读取权限范围
在根业务单元创建应限定于业务单元范围的安全角色
过度共享记录（单独共享而非使用团队）
已有Entra ID组时未使用Azure AD组团队
列安全无明确策略（保护不一致）
未考虑安全影响就配置级联删除
需要行级隔离时使用组织级表
无明确组织结构时使用层级安全