79772009

Date: 2025-09-22 20:00:29
Score: 0.5

I can see 2 approaches:-

First one:- Enforce at the source (Dataverse security roles) — the real control

Create a Read-Only role for your target table(s):

Table permissions: Read = Organization, Create/Write/Delete = None, Append/Append To = None (adjust if they need lookups).

Create a Writer role for selected users:

Table permissions: Create/Write (and Append/Append To) = BU/Org as needed; Delete optional.

Assign the Writer role to a Dataverse Team that’s mapped to an AAD security group. Add/remove people in that AAD group to control who can write. Everyone else only gets the Read-Only role.

This way—even if someone finds a way to hit your flow—the write will fail if they don’t have Dataverse write permission.

Second one:- Make the flow run as the caller (not as you)

For your Instant cloud flow triggered from the Power BI button:

Open the flow → Details → Run-only users.

Reasons:
  • Long answer (-0.5):
  • No code block (0.5):
  • Low reputation (0.5):
Posted by: microsoftdeveloperdesigner
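
Added example, not part of the original answer: a small audit that checks an exported role definition against the Read-Only design described in the first approach, and shows why a user who also holds the Writer role (for instance through the team) can still write. The table name `new_order`, the role names, and the sample entries are hypothetical and constructed; the entry shape (`PrivilegeName`, `Depth`) and the `prv<Verb><table>` naming are assumed to follow Dataverse's role-privilege records.

```python
# Added example. Entries are constructed, shaped like Dataverse role-privilege
# records (PrivilegeName + Depth); table and role names are hypothetical.
TABLE = "new_order"  # hypothetical custom table logical name
WRITE_VERBS = ("Create", "Write", "Delete", "Append", "AppendTo")
# Depth values and the access level shown for each in the role editor.
DEPTH_LABEL = {"Basic": "User", "Local": "Business Unit",
               "Deep": "Parent: Child BU", "Global": "Organization"}

def priv(verb, depth, table=TABLE):
    return {"PrivilegeName": f"prv{verb}{table}", "Depth": depth}

ROLES = {  # constructed sample data
    "Read-Only": [priv("Read", "Global")],
    "Writer": [priv("Read", "Global"), priv("Create", "Local"), priv("Write", "Local"),
               priv("Append", "Local"), priv("AppendTo", "Local")],
    "Read-Only (drifted)": [priv("Read", "Local"), priv("AppendTo", "Global")],
}

def table_privileges(role_privs, table):
    """Return {verb: depth} for one table; a verb that is absent means None."""
    wanted = {f"prv{v}{table}".lower(): v for v in ("Read",) + WRITE_VERBS}
    return {wanted[p["PrivilegeName"].lower()]: p["Depth"]
            for p in role_privs if p["PrivilegeName"].lower() in wanted}

def audit_read_only(role_privs, table):
    """List deviations from the design: Read = Organization, all else None."""
    privs = table_privileges(role_privs, table)
    findings = []
    if privs.get("Read") != "Global":
        got = DEPTH_LABEL.get(privs.get("Read"), "None")
        findings.append(f"Read is {got}, expected Organization")
    for verb in WRITE_VERBS:
        if verb in privs:
            findings.append(f"{verb} is {DEPTH_LABEL[privs[verb]]}, expected None")
    return findings

def can_write(assigned_roles, roles, table):
    """Roles are cumulative: one role granting Write is enough."""
    return any("Write" in table_privileges(roles[r], table) for r in assigned_roles)

if __name__ == "__main__":
    for name, privs in ROLES.items():
        if name.startswith("Read-Only"):
            print(name, "->", audit_read_only(privs, TABLE) or "matches design")
    print("reader can write:", can_write(["Read-Only"], ROLES, TABLE))
    print("reader + Writer team can write:", can_write(["Read-Only", "Writer"], ROLES, TABLE))
```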