Canvas App - Dataverse - User unable to create new records

Question

Our users are unable to add a new record to a custom Dataverse table using a Canvas App.

Editing an existing record works - the record is saved with the changes in Dataverse.

They have the following security roles:

• Basic User
• and a custom role that grants create, read, write, append and append to permissions for the custom entities on an organizational level.

The inheritance is set to Direct User and Team.

We have also imported the min priv apps use role provided by Microsoft but - with the exception of one permission - it has everything that the Basic User does too.

Has anyone had this issue and know what permission is needed additionally?

We have also tried granting permissions for the following privileges under the "Customization" tab:

Canvas App, Option Set, Entity Key, Customizations, Solution, Publish Customizations

When granting the "system customizer" role, it works. Obviously, we can't leave this role enabled but it seems something in those settings makes it work.

Any help is appreciated!

Many thanks, Jenny

Answer 1

So I've found a solution. Not quite sure why this works but it did the trick.

I imported the "min privilege Sec Role" from here: https://learn.microsoft.com/en-us/power-platform/admin/database-security#minimum-privileges-to-run-an-app

I saved it as a new role and added the required (organizational level) privileges for our custom entities. And now our users can create records!

I am not (yet) certain which privilege they have now that was missing before because I compared the settings of the min privilege Sec Role to the Basic User and only found a couple of differences, i.e. privileges that the Basic User didn't include. However, granting those privileges to the custom role I created yesterday didn't help.

If anyone has an idea as to what difference this approach makes, feel free to share!

Thanks!