- Security: Methods for protecting the system as a whole and the data housed within the system. Security is cumulative.
- User Security: Defines user access to Tables, Columns, Rows, etc., in the Power Platform Dataverse. Individual user access is controlled through an accumulated combination of their associated Security Roles, Business Unit, Dynamics Teams, etc. Users will get the least restrictive combination of all their security roles.
- Security Role: Defines permission to Tables and other miscellaneous privileges.
Add Users to the Power Platform Environment
Microsoft 365 admins need to give users access to the Power Platform environment that contains the BrightWork 365 solution; this can be done either individually or with the recommended method of adding users to a Microsoft 365 Security Group that is part of the environment. If no users at all are added to the environment then all Active Directory users will have environment access.
Security groups can be created either directly within the Microsoft 365 admin center, or through the creation of a private Microsoft Team which will in turn automatically create a security group with the same given name in Microsoft 365. Once the security group is created, users can be added to it either via the Microsoft 365 admin center or by adding them to the Microsoft Team.
Once a user is added to the environment, an environment System Administrator must assign security roles to the user so they may use the BrightWork 365 app in the intended manner - see the Security Roles section below.
For additional details about controlling user access to Power Platform environments, Azure security groups, and licenses, see this documentation and contact your organization's system administrator.
Assign Security Roles to Users
In addition to adding users to the overall Power Platform environment as noted above, users will also need to be granted security roles after importing the BrightWork 365 solution. Security roles need to be assigned to users individually, not through the use of Azure security groups, and this is done through the standard Power Platform role assignment process. You can also bulk assign security roles to multiple users with the User Roles Manager utility in XrmToolBox.
All BrightWork 365 users must be assigned the following security roles:
- Basic User.
Request Submitters: If a user will be given a free BrightWork 365 license to be able to only submit project requests, they will also require the following additional security role:
- BrightWork Request Submitter. Note that although these users can use a free BrightWork 365 license, they will still need a paid MS Power Apps license. Also note that although this limited user will only see the Requests area on the nav and the Projects or Portfolios areas, they still have access to these other app areas which they can navigate to through other routes such as by clicking on linked columns, e.g., the Program column in the Request form.
All paid license BrightWork 365 users at a minimum need the following security role in addition to Basic User:
- BrightWork Team Member. This consumes a BrightWork 365 license and is not for those users who will only be Request Submitters as noted above. Users granted the BrightWork Team Member security role will appear in the app's Admin Area in Security > Users > BrightWork Users.
To assign security roles to users individually:
- Login to your organization's Power Platform admin center and click the environment where you installed BrightWork 365.
- Click See all under Users.
- Select a user and click Manage security roles.
- Select the roles you want to apply to the user and click Save.
If security role changes are made to a user that is already logged in, the user will need to either refresh the screen with Ctrl-F5 or log out of the BrightWork 365 app and log back in to utilize the security role changes.
Create the Senior Managers Dynamics Team
The BrightWork 365 Senior Managers Dynamics Team is used to limit the users returned in the following form lookup columns:
- Approvers (Project Requests)
- Group Manager
- Portfolio Manager
- Portfolio Sponsor
- Program Manager
- Program Sponsor
To create the Senior Managers Dynamics Team and add users:
- Login to the BrightWork App.
- Switch to the Admin area.
- Click Dynamics Teams and click + New.
- Name the team "Senior Managers".
- Select a Business Unit, make yourself the Administrator and click Save.
- Click Add Existing User to begin adding your users to the team.
It is possible to more granularly limit the users returned in the lookup columns noted above beyond what is offered by the Senior Managers team with the use of additional lookup column security roles and related configuration changes. For more detailed information contact your BrightWork Customer Success Partner.
BrightWork 365 Roles Viewer Report
The BW365 Roles Viewer report (in the installation Solution Files zip) gives you a quick and easy way to see which role each user is assigned and the users on each team.
- This section requires you to have Power BI Desktop installed on your computer. See https://powerbi.microsoft.com/en-us/desktop/ to download it.
- The report uses Direct Query. If you publish it to the Power BI service, it will always show the latest information without having to be put on a refresh schedule.
To setup the report:
- Copy the first part of the BrightWork 365 URL, as shown below.
- Open the BW365 Roles Viewer.pbit file, paste in the copied URL and click Load.
- Login if necessary and click Connect.
- Save the report as a local PBIX file.
User Access Issues
With user diagnostics you can run through a series of checks to determine the health of a user account and view recommendations for resolving issues.
- Navigate to the Power Platform admin center, Environment Details page.
- Click on Settings | Users.
- Select the user and choose Run diagnostics from the top of the screen.
- Check the diagnostic Status and Results notes for any issues and resolution recommendations.