This content originally appeared on DEV Community and was authored by Nikhil Sarpatwari
Introduction
Managing security access in Dynamics 365 environments can often be a bottleneck, especially in non-production instances where speed and agility are key. Admin-only access models introduce friction for testers, Business Analysts (BAs), and Product Owners (POs), especially during sprint cycles and testing phases.
To address this gap, I built a Security Management Canvas App a purpose-driven tool designed to simplify security access requests and empower non-admin users with autonomy and clarity.
This app isn't just a utility it's a self-service portal for efficiently assigning security roles, teams, and queues in Dynamics 365, backed by seamless Power Automate integration.
Who Is It For?
This app was designed with the following personas in mind:
- Testers to quickly assign themselves to test teams and queues
- Business Analysts to manage demo access, sprint walkthroughs, and feature testing
- Product Owners to ensure the right access is in place for reviews and feature validation
All within the confines of non-production environments to maintain control while boosting speed.
Key Features
1. Mode-Based Access Requests
A simple radio button lets users choose:
- Full Update Traditional view showing Business Unit, Team, Role, and Queue dropdowns.
- Team Only Update A minimal mode for just assigning teams to a user. Ideal for testers.
This makes the app adaptable to different access needs with minimal friction.
2. Dynamic and Filtered Dropdowns
Each dropdown in the app is dynamically filtered for context:
- Business Units: Only active units shown.
-
Teams: Filtered by BU and excludes out-of-the-box default teams (
Is Default = false). - Users: Filtered by BU or Team.
-
Roles: Excludes system-generated roles (
StartsWith(Name, "00.")). - Queues: Contextual based on BU or Team.
3. Smart Conditional UI
- Submit Button: Logic changes based on selected mode.
- Combobox Visibility: Controlled by radio button value for a clutter-free experience.
The app ensures users only interact with controls relevant to their selected mode.
4. Multi-Team Assignment
In Team-Only mode, users can:
- Pick a user via ComboBox
- Select multiple teams using a multi-select ComboBox
This supports batch assignments, especially helpful during regression testing or when reassigning users across functional squads.
5. Seamless Power Automate Integration
A behind-the-scenes Power Automate flow processes all submissions. It handles:
- Input from either mode
- Array values for multi-team assignment
- Logic branching based on mode selection
This keeps the Canvas App lightweight while delivering power through automation.
6. Confirmation Screen for Closure
After submitting the form, users are taken to a success screen that:
- Confirms submission
- Offers a button to close the app
This provides closure and improves the end-to-end experience.
✅ Optional Approval via Microsoft Teams Card
You can optionally introduce an approval step to add governance without sacrificing agility — especially useful for teams that need audit trails or multi-level oversight.
How it works:
- When a user submits a request via the Canvas App, a Teams Adaptive Card is posted to a designated approval channel.
- Approvers can approve or reject the request inline within Microsoft Teams.
- Only upon approval does the flow proceed to apply the security changes (e.g., role assignments, team membership updates).
Real-Life Scenarios
| Persona | Use Case |
|---|---|
| Tester | Assign self to test teams before regression |
| BA | Set up access for a demo or sprint showcase |
| PO | Add themselves to queues and roles for sprint sign-off |
| Scrum Master | Ensure teams have the right setup before sprint planning |
Technical Highlights
| Component | Filtering Logic/Formula |
|---|---|
| Business Units | Sort(Filter('Business Units', statecode = 0), 'Name') |
| Teams | Filter('Teams', 'Business Unit' = BU && 'Is Default' = false) |
| Users | Filter(Users, 'Business Unit' = cmbBusinessUnit.Selected.'Business Unit') |
| Roles | Filter('Security Roles', !StartsWith(Name, "00.")) |
| Queues | Filter(Queues, 'Business Unit' = cmbBusinessUnit.Selected.'Business Unit') |
Benefits
- Removes reliance on admins for routine changes
- Accelerates UAT and sprint cycles
- Keeps non-prod environments clean and governed
- Improves traceability and consistency in access requests
What It Doesn't Do (Yet)
- No in-app audit logging (planned)
- Currently scoped to non-prod only (intentional)
Final Thoughts
This Canvas App turns access control from an IT dependency into a collaborative, self-service workflow. It's adaptable, secure, and integrates directly into existing Power Platform environments.
The success of this app proves that small UX tweaks and conditional logic can yield powerful results in enterprise automation.
This content originally appeared on DEV Community and was authored by Nikhil Sarpatwari
Nikhil Sarpatwari | Sciencx (2025-06-28T00:30:57+00:00) Secure D365 Like a Pro: Automate Access Requests with Canvas App + Teams Approvals. Retrieved from https://www.scien.cx/2025/06/28/secure-d365-like-a-pro-automate-access-requests-with-canvas-app-teams-approvals/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.