Power Platform Dataverse
What is Microsoft Dataverse (in context)
Microsoft Dataverse is a cloud-based data storage and management platform (previously known as Common Data Service).
It provides a secure, scalable, relational database designed to integrate with Power Apps, Power Automate, Power BI, and Power Virtual Agents.
It’s essentially Microsoft’s "data backbone" for the Power Platform.
Why you might use Dataverse
You’d use Dataverse when you need:
- A unified, structured data model (similar to SQL tables) shared across multiple Power Platform apps.
- Data security and governance — role-based security, auditing, compliance, and integration with Azure Active Directory.
- Relational data — handling complex data with relationships (one-to-many, many-to-many) and business logic.
- Integration — native connection to Dynamics 365, Microsoft 365, and Azure.
- Offline and mobile support — Power Apps using Dataverse can work offline and sync automatically.
Scenario 1 – Using Dataverse
Example: company helpdesk system
- Power Apps: to create a mobile/web app for employees to submit support tickets.
- Power Automate: to send notifications when a ticket is created or assigned.
- Power BI: to report on ticket resolution times and trends.
Dataverse’s role:
- Stores structured data like
Tickets,Employees,Departments,Comments. - Manages relationships (e.g., one department → many employees).
- Provides built-in security so employees only see their own tickets.
- Supports business rules, data validation, and lookup columns.
Scenario 2 – Without Dataverse
Example: simple vacation request automation
- Power Apps: simple form for submitting vacation requests.
- Power Automate: saves to Excel in SharePoint and sends approval emails.
Storage: Excel/SharePoint lists/OneDrive instead of Dataverse.
Why it works without Dataverse:
- Simple data model (few columns, no complex relationships).
- Lower compliance/security needs.
- Cheaper — no Dataverse/premium connector licensing required.
Key differences: Dataverse vs external storage
| Feature / need | Dataverse | Without Dataverse (e.g., SharePoint, Excel, SQL) |
|---|---|---|
| Complex relationships | Yes | Difficult |
| Role-based security | Built-in | Manual setup |
| Data validation & business rules | Built-in | Manual or missing |
| Offline support (Power Apps) | Yes | No |
| Integration with Dynamics 365 | Native | Limited |
| Cost | Requires premium licensing | Cheaper / free |
| Scalability | Enterprise-grade | Limited |
Rule of thumb
- Use Dataverse when you need a robust, secure, multi-app data model that multiple Power Platform services will rely on.
- Use other storage (like SharePoint or Excel) for simple, low-cost automations and single-purpose apps.
Dataverse security model overview
Dataverse uses a role-based security model that combines:
- User accounts (from Azure AD / Microsoft 365)
- Security roles (what actions you can take)
- Access levels (how broadly you can act)
- Team membership (shared roles or ownership)
- Record ownership (who owns the data)
- Hierarchical and field-level permissions (optional refinements)
Permissions can be controlled:
- At the environment level
- At the table level
- At the record level
- At the field level
Environment access
Before you can use Dataverse you need:
- A valid Power Apps or Dynamics license, and
- Access to the environment that contains the Dataverse database.
Security roles
Security roles define what you can do in Dataverse (e.g., read, write, delete) and how broadly (own records vs all records).
Common actions: Create, Read, Write, Delete, Append, Append To, Share, Assign.
Access levels (scopes)
| Access level | Description |
|---|---|
| None | No access at all |
| User | Only records you own or are shared with you |
| Business Unit | All records in your business unit |
| Parent: Child Business Unit | Your business unit and its subunits |
| Organization | All records in the environment |
Teams
Teams can be used to inherit security roles:
- Owner team: owns records, can have security roles assigned directly
- Access team: temporary shared access to specific records
- Azure AD group team: membership synced from Azure AD groups
Record ownership and sharing
Each record has an owner (user or team). Owners can share records with others (e.g., read-only).
Field-level security
Dataverse supports Field Security Profiles for sensitive fields to control read/update/create at the column level.
Hierarchical security (optional)
Optional hierarchy-based access (e.g., managers can see their team’s data) using manager/position hierarchies.
Predefined security roles
Every Dataverse environment includes standard roles you can build on:
- System Administrator
- System Customizer
- Basic User
- Environment Maker (environment-wide role, not a Dataverse role)