Automating Security Role Assignments using PowerShell


Security roles in Dataverse (Power Platform) define access levels for users, ensuring they only interact with the data and features necessary for their role. Automating security role assignments using PowerShell can help administrators manage users efficiently.

This guide will cover:
Connecting to Power Platform and Dataverse
Listing available security roles
Assigning security roles to users
Removing security roles from users
Automating security role assignments using scripts


Step 1: Prerequisites

1. Install Required PowerShell Modules

If not installed, run:

Install-Module -Name Microsoft.PowerPlatform.Dataverse.Client -Scope CurrentUser -Force
Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Scope CurrentUser -Force

2. Connect to Dataverse

Run the following command and log in with admin credentials:

Add-PowerAppsAccount

Now you’re connected!


Step 2: List Available Security Roles in Dataverse

To retrieve all security roles in a Dataverse environment, use:

Get-AdminPowerAppSecurityRole -EnvironmentName "Default-12345"

This will display all security roles and their corresponding IDs.


Step 3: Assign Security Roles to Users

Find the User ID in Dataverse

Before assigning a role, find the User ID using:

Get-AdminPowerAppUser -EnvironmentName "Default-12345" | Select-Object UserId, DisplayName

This will return User IDs and names.

Assign a Security Role to a User

Now, assign a security role using the following script:

$environmentName = "Default-12345"
$userId = "00000000-0000-0000-0000-000000000000" # Replace with actual User ID
$roleId = "11111111-1111-1111-1111-111111111111" # Replace with actual Role ID

New-AdminPowerAppSecurityRoleAssignment -EnvironmentName $environmentName -UserId $userId -RoleId $roleId

User assigned to the security role successfully!


Step 4: Remove a Security Role from a User

To remove a security role, use:

Remove-AdminPowerAppSecurityRoleAssignment -EnvironmentName "Default-12345" -UserId "00000000-0000-0000-0000-000000000000" -RoleId "11111111-1111-1111-1111-111111111111"

User removed from the security role successfully!


Step 5: Automate Security Role Assignments for Multiple Users

To automate security role assignments for multiple users, create a CSV file (e.g., UserRoleAssignments.csv) with the following format:

UserId,RoleId
00000000-0000-0000-0000-000000000001,11111111-1111-1111-1111-111111111111
00000000-0000-0000-0000-000000000002,22222222-2222-2222-2222-222222222222

Now, use the following PowerShell script to assign roles to multiple users automatically:

$environmentName = "Default-12345"
$csvPath = "C:\UserRoleAssignments.csv"

# Import CSV file
$userRoles = Import-Csv -Path $csvPath

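# Loop through each user and assign the role
foreach ($row in $userRoles) {
    try {
        # -ErrorAction Stop turns a failed assignment into an exception,
        # so a failure is never reported as a success
        New-AdminPowerAppSecurityRoleAssignment -EnvironmentName $environmentName -UserId $row.UserId -RoleId $row.RoleId -ErrorAction Stop
        Write-Host "Assigned role $($row.RoleId) to user $($row.UserId)"
    }
    catch {
        Write-Warning "Failed to assign role $($row.RoleId) to user $($row.UserId): $($_.Exception.Message)"
    }
}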

Bulk security role assignments completed successfully!
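
Every row of the CSV becomes a privilege grant, so the file is worth checking before the loop runs. The following is an added example, not part of the original guide or of Microsoft's modules: the function Test-RoleAssignmentCsv and the approved-role allow-list are hypothetical, the sample rows are constructed from the guide's placeholder GUIDs, and only built-in PowerShell is used.

```powershell
# Added example: validate UserRoleAssignments.csv before any role is granted.
# Test-RoleAssignmentCsv and the allow-list are hypothetical; sample rows are constructed.
function Test-RoleAssignmentCsv {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $ApprovedRoleIds
    )
    $rows = @(Import-Csv -Path $Path)
    if ($rows.Count -eq 0) { throw "No rows found in $Path" }
    # Both columns must exist, otherwise $row.RoleId would silently be $null.
    $columns = $rows[0].PSObject.Properties.Name
    foreach ($required in 'UserId', 'RoleId') {
        if ($columns -notcontains $required) { throw "Missing column '$required' in $Path" }
    }
    $approved = [System.Collections.Generic.HashSet[guid]]::new()
    foreach ($id in $ApprovedRoleIds) { [void]$approved.Add([guid]$id) }
    $seen = [System.Collections.Generic.HashSet[string]]::new()
    $line = 1   # the header is line 1 of the file
    foreach ($row in $rows) {
        $line++
        $userGuid = [guid]::Empty
        $roleGuid = [guid]::Empty
        $problem  = $null
        if (-not [guid]::TryParse($row.UserId, [ref]$userGuid)) { $problem = 'UserId is not a GUID' }
        elseif (-not [guid]::TryParse($row.RoleId, [ref]$roleGuid)) { $problem = 'RoleId is not a GUID' }
        elseif (-not $approved.Contains($roleGuid)) { $problem = 'RoleId is not on the approved list' }
        elseif (-not $seen.Add("$userGuid|$roleGuid")) { $problem = 'Duplicate of an earlier row' }
        [pscustomobject]@{
            Line = $line; UserId = $row.UserId; RoleId = $row.RoleId
            Valid = ($null -eq $problem); Problem = $problem
        }
    }
}

# Constructed sample file: one good row, one unapproved role, one malformed ID, one duplicate.
$csv = Join-Path ([IO.Path]::GetTempPath()) 'UserRoleAssignments.sample.csv'
@'
UserId,RoleId
00000000-0000-0000-0000-000000000001,11111111-1111-1111-1111-111111111111
00000000-0000-0000-0000-000000000002,22222222-2222-2222-2222-222222222222
not-a-guid,11111111-1111-1111-1111-111111111111
00000000-0000-0000-0000-000000000001,11111111-1111-1111-1111-111111111111
'@ | Set-Content -Path $csv

$results = Test-RoleAssignmentCsv -Path $csv -ApprovedRoleIds '11111111-1111-1111-1111-111111111111'
$results | Format-Table Line, UserId, RoleId, Valid, Problem
# Pass only the valid rows to the assignment loop; review the rejected ones by hand.
$toAssign = $results | Where-Object Valid
```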


Step 6: Verify Security Role Assignments

To verify which roles are assigned to a user, use:

Get-AdminPowerAppSecurityRoleAssignment -EnvironmentName "Default-12345" -UserId "00000000-0000-0000-0000-000000000000"

This will return all security roles assigned to the user.
