You are viewing PowerRoster™ v8.2. See what's new in Release Note v8.2

Security Roles

Prev Next

PowerRoster uses security roles to control application access and define user permissions. Administrators can assign these roles to manage which users can access specific applications and perform designated tasks.

The application has three security roles:

Role

Responsibility

PowerRoster - Read Only

  • Users with this role are only able to read records and have no ability to create, update or delete any data.

PowerRoster Workforce Manager

  • Users with this role are able to perform any CRUD operation on any record in their own Business Unit and any child Business Unit.

  • Additionally, the users can assign or share any record with any other user in their Business Unit and any child Business Unit.

PowerRoster Admin

  • Users with this role are able to perform any CRUD operation on any record in the Organisation.

  • Additionally, the users can assign or share any record with any other user in the Organisation.

Role Privileges

PowerRoster - Read Only

👤 The PowerRoster - Read Only role should only be assigned to users that need to read records created across the organisation but have no need to create, update or delete any record.

 This role has read only access for certain entities in the application:

  • Roster Management

  • Time Management

  • Availability and Leaves

  • Resources

  • Demand Forecast

  • Compliance

  • Configuration

  • Analytics

  • Approvals

  • Notification

  • Smart Assign

  • Holiday Calendars

This role is not able to create, update, or delete any records on any entity. Additionally, the role does not grant permission to view any user, account, or contact details.

PowerRoster Workforce Manager

👤 The PowerRoster Workforce Manager role should only be assigned to users that need to manage rostering and resourcing across their business unit or any child business unit.

 This role has full CRUD access for most entities in their own business unit and the child business units:

  • Roster Management

  • Time Management

  • Availability and Leaves

  • Resources

  • Demand Forecast

  • Compliance

  • Configuration

  • Analytics

  • Approvals

  • Management

  • Notification

  • Logs

  • Smart Assign

  • Holiday Calendars

This role does not have the ability to configure any settings or administer the application in any way.

PowerRoster Admin

👤 The PowerRoster Admin role should only be assigned to users that need to administer the application in any way. The users will organisation wide access to make changes to most entities.

 This role has full CRUD access for most entities in the organisation:

  • Roster Management

  • Time Management

  • Availability and Leaves

  • Resources

  • Demand Forecast

  • Compliance

  • Configuration

  • Analytics

  • Approvals

  • Management

  • Notification

  • Logs

  • Smart Assign

  • Holiday Calendars

This role does not have the ability to make any changes to any user, account, or contact across the organisation

Add Users to a Security Role

Follow these steps to add users to a security role.

  1. Sign in to the Power Platform admin center.

  2. Select Manage in the navigation pane.

  3. In the Manage pane, select Environments and select an environment.

  4. Select Settings in the command bar. The Settings page for that environment is displayed.

  5. Select Users + permissions > Security roles.

  6. Select a security role, then select the More actions (...) icon.

  7. Select Members in the menu that appears.

  8. In the Members page, select + Add people.

  9. In the Add people pane, enter a name, email address, or team name to search for the users you want to add to the security role.

  10. Select Add to add those users to the security role.

Remove Users from a Security Role

You can remove users from a security role through the modern UI. Follow these steps to remove users from a security role.

  1. Sign in to the Power Platform admin center.

  2. Select Manage in the navigation pane.

  3. In the Manage pane, select Environments. Then select an environment.

  4. Select Settings in the command bar. The Settings page for that environment is displayed.

  5. Select Users + permissions > Security roles.

  6. Select a security role, then select the More actions (...) icon.

  7. Select Members in the menu that appears.

  8. In the Members page, select the users you want to remove from the security role.

  9. Select Remove at the top of the page.

  10. The Remove from role? window appears, asking you to confirm that you want privileges associated with that role removed for the selected user. Select Remove.

Important

A user can have multiple security roles. Security role privileges are cumulative. Users are granted the privileges that are available in each role assigned to them.

Access Management

The Access Management table displays detailed information about the security roles, highlighting the entities and columns they have access to and the types of access available.

The table has been divided into the following columns:

  • Entity - The entity in PowerRoster for which access is provided.

  • Column/Field - The column/field for the entity for which access is provided.

  • Roles - The role to which the access is provided.

    • Power Roster Read Only Role

    • Power Roster - Workforce Manager Role

    • Power Roster - Admin Role

For each role in the table, permissions have been defined against each entity or column.

  • <Access Level>

    • <Permission>

Entity

Column/Field

Power Roster Read Only Role

Power Roster - Workforce Manager Role

Power Roster - Admin Role

Rosters

-

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Patterns

-

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Periods

-

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Positions

-

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Instances

-

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Personas

-

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Entries

Vel_timeentry

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

vel_timentrycategory

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Rules

Vel_timeentryrule

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

vel_timeentrystatus

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

vel_timeentrysubcategory

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

msdyn_warehouse

  • Org Level

    • Read only

-

-

Approvals

Vel_approvalflowstage

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Vel_approvalflowasyncevent

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Vel_approvalflowdefinition

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Vel_approvaltransition

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Vel_approvalflowvalidationrules

-

  • Org Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Availability

Vel_availability

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Assign/share

  • Org Level

    • CRUD

    • Assign/share

Balance

Vel_availabilitybalance

  • Org Level

    • Read only

  • User Level

    • Read Only

  • Org Level

    • CRUD

    • Assign/share

Status

Vel_availabilitystatus

  • Org Level

    • Read only

  • Org Level

    • Read

    • Append

    • Append To

  • Org Level

    • CRUD

    • Assign/share

Availability Types

Vel_availabilitytype

  • Org Level

    • Read only

  • Org Level

    • Read

    • Append

    • Append To

  • Org Level

    • CRUD

    • Assign/share

Bookable Resource

Bookableresource

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/share

msdyn_bookableresourceassociation

  • Org Level

    • Read only

-

-

msdyn_bookableresourcebookingquicknote

  • Org Level

    • Read only

-

-

msdyn_bookableresourcecapacityprofile

  • Org Level

    • Read only

-

-

vel_bookableresourcecategoryassndateranges

  • Org Level

    • Read only

-

-

vel_powerrosterbookmarks

  • Org Level

    • Read only

-

-

Bookableresourcebooking

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

-

Bookableresourcebookingheader

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

-

Bookableresourcecategory

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

-

Bookableresourcecategoryassn

  • Org Level

    • Read only

-

-

bookableresourcegroup

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

-

vel_bookableresourcecategorysend

-

  • Org Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

-

bookableresourcebookingexchange

-

  • Parent Child BU Level

    • CRUD

    • Assign/Share

-

bookableresourcecharacteristic

-

  • Org Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

-

Schedule Board

Msdyn_schedule

  • Org Level

    • Read only

-

-

Msdyn_scheduleboardsetting

-

  • Parent Child BU Level

    • Create

    • Update

    • Assign/Share

  • User Level

    • Write

    • Delete

  • Org Level

    • CRUD

    • Assign/Share

msdyn_schedulingparameter

-

  • Org Level

    • Read Only

-

msdyn_systemuserschedulersetting

-

  • Parent Child BU Level

    • Create

    • Read

    • Append

    • Append To

    • Assign/Share

  • User Level

    • Write

  • Org Level

    • CRUD

    • Assign/Share

Forecast Model

Vel_demandforecastmodel

  • Org Level

    • Read only

  • User Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/Share

Forecast Data

Vel_demandforecastdata

-

  • User Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/Share

Notifications

Vel_compliancenotification

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/Share

vel_compliancelog

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

-

vel_compliancenotificationsummary

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/Share

vel_compliancenotificationshifts

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/Share

vel_shiftnotifications

-

  • Parent Child BU Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

-

Configuration

vel_compliancecontractconstraints

-

  • Parent Child BU Level

    • CRUD

    • Assign/Share

-

vel_compliancecontractualconstraint

-

  • Parent Child BU Level

    • CRUD

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/Share

vel_complianceconstraintallocation

-

-

  • Org Level

    • CRUD

    • Assign/Share

vel_crewallocationsetting

-

  • Parent Child BU Level

    • CRUD

    • Assign/Share

-

vel_complianceparameter

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

vel_complianceparametervalue

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

vel_compliancerule

-

-

-

Runs

Vel_compliancenotificationheader

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

Breached

Vel_compliancenotification

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

vel_complianceparameter

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

vel_complianceparametervalue

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

App Settings

Vel_appsettings

  • Org Level

    • Read only

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Assign/Share

Roster Settings

Vel_rostersettings

-

  • Org Level

    • Read only

  • Org Level

    • Read Only

Subscription

Vel_subscriptionconfiguration

-

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Assign/Share

Health Check

Msdyn_dataanalyticsreport

  • Org Level

    • Read only

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Assign/Share

Reports

vel_demandforecastdata

  • Org Level

    • Read only

  • User Level

    • Read only

  • Org Level

    • CRUD

    • Assign/Share

vel_demandforecastmodel

  • Org Level

    • Read only

  • User Level

    • Read only

  • Org Level

    • CRUD

    • Assign/Share

vel_externalreference

  • Org Level

    • Read only

-

  • Org Level

    • CRUD

    • Assign/Share

Flow Definitions

Vel_approvalflowdefinition

  • Org Level

    • Read only

  • Org Level

    • Read

    • Append

    • Append To

  • Org Level

    • CRUD

    • Assign/Share

vel_approvalflowinstance

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/Share

vel_approvalflowstage

  • Org Level

    • Read only

  • Org Level

    • Read

    • Append

    • Append To

  • Org Level

    • CRUD

    • Assign/Share

approvalstageorder

-

-

  • Org Level

    • CRUD

    • Assign/Share

vel_approvaltransition

-

  • Org Level

    • Read

    • Append

    • Append To

  • Org Level

    • CRUD

    • Assign/Share

vel_approvalflow

-

  • Org Level

    • Read

    • Append

    • Append To

  • Org Level

    • CRUD

    • Assign/Share

Approvalstageapproval

-

-

  • Org Level

    • CRUD

    • Assign/Share

Approvalstagecondition

-

-

  • Org Level

    • CRUD

    • Assign/Share

Validation Rules

Vel_approvalflowvalidationrules

  • Org Level

    • Read only

  • Org Level

    • Read

    • Append

    • Append To

  • Org Level

    • CRUD

    • Assign/Share

Roster Statuses

vel_RosterStatus

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/Share

Shift Types

vel_shifttype

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Append

    • Append To

  • Org Level

    • CRUD

    • Assign/Share

Time Management

vel_TimeEntry

  • Org Level

    • Read only

-

-

vel_timeentrycategory

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/Share

vel_timeentrysubcategory

-

  • Org Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/Share

vel_timeentrystatus

-

  • Org Level

    • CRUD

    • Append

    • Append To

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/Share

User

-

  • Org Level

    • Read

    • Append

    • Append To

  • Org Level

    • Read

Accounts

-

  • Org Level

    • Read

    • Append

    • Append To

    • Share

  • Parent Child BU Level

    • Assign

  • Org Level

    • Read

Contacts

-

  • Parent Child BU Level

    • CRUD

  • Org Level

    • Read

Shift Notifications

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

Logs

  • Org Level

    • Read only

  • Org Level

    • CRUD

    • Assign/Share

  • Org Level

    • CRUD

    • Assign/Share

Rpi whc logs

-

-

  • Org Level

    • CRUD

    • Assign/Share

Models

vel_rostersmartassignmodel

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

vel_rostersmartassignmodelscope

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

vel_rostersmartassignshiftcandidate

-

  • Parent Child BU Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

Runs

vel_rostersmartassignrun

  • Org Level

    • Read only

  • Parent Child BU Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

Calendar

Vel_holidaycalendar

  • Org Level

    • Read only

  • Org Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

vel_holidaycalendardate

  • Org Level

    • Read only

  • Org Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share

Dates

vel_holidaycalendardate

  • Org Level

    • Read only

  • Org Level

    • CRUD

  • Org Level

    • CRUD

    • Assign/Share