Security and Access Configuration


Introduction

Three core records are configured to match your organisation: Business Units, Security Roles, and Users. They are linked together in a way that conforms to a role-based security model.

Note that it is also possible (for more advanced Customer implementations) to configure and implement field-based security.

Business Units are created together with Security Roles to control data access so that Users see just the information they need to do their jobs.

The Program Framework support team will advise in this area.

Business Units

Business Units are important, core organisational records for all Power Apps. For example, the following rules should be noted:

  • The Organisation (also known as the root Business Unit) is the top level of a Business Unit hierarchy. The Organisation name cannot be deleted. The Organisation name is derived from the domain name when the environment was provisioned.
  • Business Units can have child Business Units, and each Business Unit can have just one parent Business Unit.
  • Each Business Unit can have multiple child Business Units.
  • Security Roles and Users can be associated with a Business Unit. Every User must be assigned to one (and only one) Business Unit.
  • A User cannot be added directly into a Business Unit. All newly provisioned Users are assigned to the root Business Unit.
  • The User's Business Unit can be changed at any time. Once the Business Unit is changed, the User will appear as a member of the new Business Unit automatically.

Users

To get Users up and running in Power Framework, some administrative tasks need to be completed in the Microsoft 365 Admin Centre.

  • Microsoft Power Apps is an online service subscription. When the service was signed up for, a set of licenses was received with the subscription, one license for each User. Additional licenses can be purchased as needed.
  • In the Microsoft 365 Admin Centre, Users are registered so that they are recognised in the Microsoft Online Services environment. Each User is assigned a license, and administrative roles are then assigned to the Users who fill those roles. The screenshot shows the Active User list in the Microsoft 365 Admin Centre:
    [Screenshot: Active User list in the Microsoft 365 Admin Centre]
  • It is important to ensure that the Users are assigned to the correct environments, such as Production or Sandbox. Environment access is controlled via M365 Security Groups.
  • The Power Framework Apps will then pick up the Users.
  • The System Admin User must then allocate Security Roles to the Users or Security Groups within the correct environments.
  • There are some predefined Power Framework Security Roles that can be used straight away, such as PMO and Project Manager.
  • Security Teams of Users can be used.

Roles and Responsibilities in Deployment

These are the roles and responsibilities within the deployment process:

| Who | Activities |
|---|---|
| IT | Procure licenses. |
| Tenant Administrator | Create a user account for Program Framework. Assign licenses to users. |
| Tenant Administrator | Grant Program Framework account access to upload Power App solution file in make.powerapps.com. |
| Tenant Administrator | Provision SharePoint library for project documents (if to be deployed). |
| Tenant Administrator | Work with the Power Framework architect to associate O365 Security Group(s) and Power App Security Roles with the Power Framework App in the Power App Admin Centre. This will prevent the app from being available across the broader company. |
| Tenant Administrator | Create a Power BI Workspace and grant admin access for the Power Framework user. Share Power BI App with relevant O365 Security Groups for report distribution. |
| Program Framework | Upload solution files to the Power Apps environment. Set up key application parameters. Set permission model for users. Assist with user account set-up. |
| Power Framework App Superuser | Create/edit system records (reporting periods, team roles etc.) in the Power Framework app. |
| Power Framework end users | Create, view and edit projects and associated data. View reports. |

Power Framework Security Roles and Privileges

The combination of access levels and permissions that are included in a specific Security Role sets limits on the user's visibility of data and on the user's interactions with that data.

  • Power Framework provides a default set of Security Roles which are then tailored to the client organisation's requirements.
  • More than one Security Role can be assigned to a User. The effect of multiple Security Roles is cumulative, which means that the User has the permissions associated with all Security Roles assigned to the User.
  • The System Administrator Security Role has all the required privileges to assign Security Roles to any user, including assigning the System Administrator Security Role. The example screenshot below shows the Security Role for the PMO Role.

[Screenshot: Security Role for the PMO Role]

There are four aspects of Security Roles:

  1. The Application areas, such as Details, Core Record etc., and also the Custom Entities on the right.
  2. Entities can be found in the columns on the left, such as Portfolio, Programme etc.
  3. There are eight columns to consider. They reflect the different functions that a User can perform. For each Entity, the capabilities of Users with this Security Role are defined, namely:
       • Create
       • Read
       • Write
       • Delete
       • Append
       • Append to
       • Assign
       • Share
  4. At the foot of the page is the Key for the security colour codes. For example, a green spot indicates full access that covers all Business Units in the organisation, whereas an empty red circle shows that there are no privileges for the Entity.
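
The cumulative-role rule and the single-parent Business Unit hierarchy described above, worked through as an added Python example (not Power Framework or Microsoft code). The role matrices, Business Unit names and users are constructed, and the three intermediate access depths are assumed from the standard Dataverse model, since the article names only the two ends of the colour key.

```python
from enum import IntEnum

# The eight privilege columns listed in the article.
PRIVILEGES = {"Create", "Read", "Write", "Delete", "Append", "Append to", "Assign", "Share"}

class Depth(IntEnum):
    NONE = 0           # no privileges (empty red circle in the key)
    USER = 1           # assumed: own records only
    BUSINESS_UNIT = 2  # assumed: records owned in the user's Business Unit
    PARENT_CHILD = 3   # assumed: the user's Business Unit and its descendants
    ORGANISATION = 4   # full access across all Business Units (green spot)

# Constructed sample data: a single-parent Business Unit hierarchy (the root
# has no parent) and two role matrices mapping (entity, privilege) -> depth.
PARENT = {"Root": None, "EMEA": "Root", "UK": "EMEA", "APAC": "Root"}
ROLES = {
    "Project Manager": {("Programme", "Read"): Depth.BUSINESS_UNIT,
                        ("Programme", "Write"): Depth.USER},
    "PMO": {("Programme", "Read"): Depth.PARENT_CHILD,
            ("Programme", "Delete"): Depth.BUSINESS_UNIT},
}

def effective(role_names):
    """Cumulative roles: for each (entity, privilege) the deepest grant wins."""
    merged = {}
    for name in role_names:
        for key, depth in ROLES[name].items():
            if key[1] not in PRIVILEGES:
                raise ValueError(f"unknown privilege {key[1]!r} in role {name!r}")
            merged[key] = max(merged.get(key, Depth.NONE), depth)
    return merged

def in_scope(depth, user, user_bu, owner, owner_bu):
    """Does a grant of this depth reach a record owned by `owner` in `owner_bu`?"""
    if depth == Depth.ORGANISATION:
        return True
    if depth == Depth.PARENT_CHILD:
        bu = owner_bu
        while bu is not None:      # walk up the single-parent chain
            if bu == user_bu:
                return True
            bu = PARENT[bu]
        return False
    if depth == Depth.BUSINESS_UNIT:
        return owner_bu == user_bu
    return depth == Depth.USER and owner == user

def can(user, user_bu, role_names, entity, priv, owner, owner_bu):
    depth = effective(role_names).get((entity, priv), Depth.NONE)
    return in_scope(depth, user, user_bu, owner, owner_bu)
```

Running `can` for the same User before and after a second role is added shows exactly which records the extra assignment exposes, which is the check to make before granting an additional Security Role.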
