Assign security roles

  • 7 minutes

A security role defines how users, such as a clinician, field service agent, or knowledge base creator, can access different types of resources. To work with Microsoft Cloud for Healthcare solutions, make sure that you assign correct security roles to users. In this unit, you learn about the required security roles that you need to assign to a user and a Microsoft Entra ID app. For more information, see Security roles and privileges in Microsoft Power Platform.

Security roles Description
Basic User Allows the user to run an app within the Dataverse environment and perform common tasks for the records that they own.
Field Service - Resource This role is designed for frontline workers who can read and update their assigned work orders.
Knowledge Manager Allows the user to create/read/write/delete/append knowledge base records.
Omnichannel agent Allows the user to perform agent tasks.
Productivity tools administrator Required by administrators of Dynamics 365 productivity tools. Allows the administrator to create/read/write/append/delete agent script, script step, and workflow.
Productivity tools user Required by users of Dynamics 365 productivity tools. Allows the user to read agent script, script step, and workflow.
System Administrator Grants full permission for the user to customize or administer a Dataverse environment.
Customer service manager Allows a user to review customer service performance and enable the customer service process.
Customer service representative Allows a user to document customer service events and respond to customer service inquiries.

Task: Assign a security role to a system administrator

In this task, you go through the steps to assign security roles to a system administrator account.

Note

In your organization, these security roles could be assigned to individuals as needed based on their job responsibilities.

Note

To perform these tasks, you must make sure that you’re signed in with the system administrator user account that you created in the Create a Microsoft 365 tenant.

  1. While signed in to your Microsoft 365 tenant as system administrator, go to Power Platform admin center.

  2. On the left navigation pane, select Environments. In the right pane, select the Microsoft Cloud for Healthcare environment. On the command bar, select Settings, as shown in the following screenshot.

    Screenshot of Environment page with Settings option highlighted.

  3. On the Settings page, select Users + permissions > Users.

    Screenshot of the Settings page with the User + Permissions option highlighted.

  4. Select a user who you want to assign security roles to. Select Manage security roles.

    Screenshot of Users page.

  5. Assign the following security roles:

    • Basic User

    • Field Service-Resource

    • Knowledge Manager

    • Omnichannel agent

    • Productivity tools administrator

    • Productivity tools user

    • System Administrator

  6. When you're finished selecting security roles, select Save.

    Screenshot of Purchase services, with Add-ons and Details highlighted.

Task: Assign a security role to an application user

In this task, you go through the steps to assign security roles to the Demo Health Bot app that you registered in Microsoft Entra ID in the previous unit.

  1. Select Settings.

    Screenshot of Environment page with Settings and Microsoft Cloud for Healthcare trial highlighted.

  2. On the Settings page, select Users + permissions > Application users.

    Screenshot of Application users option highlighted.

  3. Before you can assign a security role to an application, you need to add it as an application user. On the Application users page, select +New app user.

    Screenshot of Application users page with New app user option highlighted.

  4. In the Create a new app user panel, select + Add an app.

    Screenshot of Add an app option highlighted.

  5. In the Add an app from Microsoft Entra ID panel, select the app that you created and registered in Microsoft Entra ID in the previous task. Select Add.

    Screenshot of Add an app from Microsoft Entra ID page.

  6. After adding the Microsoft Entra ID app, you'll be redirected to the Create a new app user panel. From the Business unit dropdown menu, select the default business unit. Select the edit icon beside the Security roles option.

    Screenshot of Create a new app user page with Demo selected.

  7. In the Add security roles pane, select Omnichannel agent and then select Save.

    Screenshot of Manage Security Roles page with roles selected.

  8. You're redirected to the Create a new app user panel, which should appear as shown in the following screenshot. Select Create to add Health Bot as an application user and assign it the Omnichannel agent security role.

    Screenshot of Create a new app user page with the default health bot selected.

    Screenshot of the New app user page with Demo health bot selected.

You successfully assigned all security roles to the system administrator account and Microsoft Entra ID app.