Advanced Security in Dataverse For Teams via Record Ownership

Dataverse for Teams is an exciting development platform that lets you get apps into your users’ hands quickly, surfaced directly where they do most of their collaboration: inside the Microsoft Teams client.

Dataverse for Teams is a subset of standalone Dataverse in the Power Platform. While it has many of the main characteristics of Dataverse, some features are scaled back or simplified, especially with regard to advanced security configurations. The inability to create custom Security Roles, the lack of Record Sharing, and the simplified permission sets available (Full Control, Collaborate, Reference, Private, None) make it harder to create custom roles and permission levels that don’t directly correspond to the Owners/Members/Guests hierarchy.

For example, maybe you want to expose table data to external partners whom you invite to your Teams as external Guest users, and you want each partner organization to view its own records but not see or edit records from other organizations. The simplified permissions in Dataverse for Teams make this difficult to achieve: all of these users are treated collectively as “Guests” and receive the same table permission level that every Guest receives, and you don’t have a mechanism to group users beyond Owners/Members/Guests. This post will show you a creative way to achieve this using record ownership instead of custom security roles.

The quick summary – you can create custom “Teams” in Dataverse for Teams (just like in standalone), and assign record ownership to a Team instead of an individual user, and thereby create another hierarchical layer of permissions. Read on to understand the backstory more, or jump ahead to see how to do it.
