Share Dataverse record to a specific user with Power Automate

Sharing a Dataverse record gives a specific user access to a specific record. There is a button in model-driven apps to do so, but let's also do it with Power Automate.

  1. How does it work in Model-Driven?
  2. List shared access for a record with Power Automate
  3. Share access for a record with Power Automate
  4. Revoke shared access for a user with Power Automate

1. How does it work in Model-Driven?

In any model-driven app, you can select a record and share it. It asks you which user to share with and which access that user should have.

Now you know how to share from a model-driven app, but how does it work when you click Share? If you open the browser debugger console, you will notice that it calls the GrantAccess method from the API.

When revoking access, it calls the RevokeAccess method from the API.

It is also important to see how it retrieves who has access to which items. From the debugger we can see that it sends a FetchXML request to the table named principalobjectaccessset.

2. List shared access for a record with Power Automate

As mentioned in 1. How does it work in Model-Driven?, we need to query the principalobjectaccessset table.

The objectid column is the GUID of your Dataverse record and objecttypecode is the related Dataverse table.

Here is the OData filter query if you want to copy and paste it:

objectid eq [YOUR DATAVERSE ITEM GUID] and objecttypecode eq '[YOUR DATAVERSE TABLE SCHEMA NAME]'

And the select columns property:

accessrightsmask,principalid,principalobjectaccessid,principaltypecode,objectid,objecttypecode

So to get the value of the user:

  • User GUID: items('Apply_to_each')?['principalid']

3. Share access for a record with Power Automate

As mentioned in 1. How does it work in Model-Driven?, it calls the GrantAccess method in the API. But we don't need to call this API directly: you can find GrantAccess in the Perform an unbound action from the Dataverse actions.

When you select GrantAccess, the same parameters as the API appear:

Please note: the escape character in Power Automate is @, which is why the JSON below uses @@. Don't forget it.

If you want to copy Target:

{
  "@@odata.type": "Microsoft.Dynamics.CRM.[DATAVERSE TABLE SCHEMA NAME]",
  "[DATAVERSE GUID COLUMN SCHEMA NAME]": "[DATAVERSE ITEM GUID TO SHARE ACCESS WITH]"
}

Now, regarding PrincipalAccess, you will have noticed AccessMask: this is where you define which kind of access the user needs to have on the record. You can find the AccessRights enum values on this page:

AccessRights EnumType (Microsoft.Dynamics.CRM) | Microsoft Learn

{
  "AccessMask": "[ACCESSRIGHTS ENUM VALUE SEPARATED BY COMMA]",
  "Principal": {
    "@@odata.type": "Microsoft.Dynamics.CRM.systemuser",
    "systemuserid": "[GUID OF THE USER YOU WANT TO SHARE RECORD ACCESS]"
  }
}
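
As an added example (not from the original post), the JavaScript below decodes the integer accessrightsmask returned by the query in section 2 into the AccessRights names that AccessMask expects, and flags shares that include delete, share or assign rights. The flag values are those of the AccessRights enum; the sample rows, GUIDs and the choice of which rights count as high risk are assumptions made for illustration.

```javascript
// AccessRights flag values from the Microsoft.Dynamics.CRM.AccessRights enum.
const ACCESS_RIGHTS = {
  ReadAccess: 1,
  WriteAccess: 2,
  AppendAccess: 4,
  AppendToAccess: 16,
  CreateAccess: 32,
  DeleteAccess: 65536,
  ShareAccess: 262144,
  AssignAccess: 524288,
};

// Rights that let a grantee destroy or pass on the record (assumption: reviewer's choice).
const HIGH_RISK = ["DeleteAccess", "ShareAccess", "AssignAccess"];

// Split an integer accessrightsmask into named rights plus any bits the enum does not name.
function decodeAccessMask(mask) {
  const rights = [];
  let unknownBits = mask;
  for (const [name, bit] of Object.entries(ACCESS_RIGHTS)) {
    if ((mask & bit) !== 0) {
      rights.push(name);
      unknownBits &= ~bit; // clear every bit we could name
    }
  }
  return { rights, unknownBits };
}

// One finding per row: comma-separated AccessMask string, leftover bits, risky rights.
function auditShares(rows) {
  return rows.map((row) => {
    const { rights, unknownBits } = decodeAccessMask(row.accessrightsmask);
    return {
      principalid: row.principalid,
      principaltypecode: row.principaltypecode,
      accessMask: rights.length ? rights.join(",") : "None",
      unknownBits, // non-zero means the mask carries bits outside the enum; review manually
      highRisk: rights.filter((r) => HIGH_RISK.includes(r)),
    };
  });
}

// Constructed rows shaped like the principalobjectaccessset select in section 2 (GUIDs are made up).
const sampleRows = [
  { principalid: "00000000-0000-0000-0000-000000000001", principaltypecode: "systemuser", accessrightsmask: 1 },
  { principalid: "00000000-0000-0000-0000-000000000002", principaltypecode: "systemuser", accessrightsmask: 262147 },
  { principalid: "00000000-0000-0000-0000-000000000003", principaltypecode: "team", accessrightsmask: 134217729 },
];

console.log(JSON.stringify(auditShares(sampleRows), null, 2));
```

A row with a non-empty highRisk list is a candidate for the RevokeAccess action in section 4, followed by a new GrantAccess with a narrower AccessMask.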

4. Revoke shared access for a user with Power Automate

As mentioned in 1. How does it work in Model-Driven?, it calls the RevokeAccess method in the API. But we don't need to call this API directly: you can find RevokeAccess in the Perform an unbound action from the Dataverse actions.

Please note: the escape character in Power Automate is @, which is why the JSON below uses @@. Don't forget it.

If you want to copy Target:

{
  "@@odata.type": "Microsoft.Dynamics.CRM.[DATAVERSE TABLE SCHEMA NAME]",
  "[DATAVERSE GUID COLUMN SCHEMA NAME]": "[DATAVERSE ITEM GUID TO SHARE ACCESS WITH]"
}

If you want to copy Revokee:

{
	"@@odata.type": "Microsoft.Dynamics.CRM.systemuser",
	"systemuserid": "[GUID OF THE USER YOU WANT TO REVOKE ACCESS]"
}