Creating a Custom Project for the web DataReader Security Role

To retrieve data from a Project for the web (P4TW) Dataverse database, an account must have permission to read the Project for the web tables. Some organizations simply grant the account that accesses the data (the credentials running the data flow) the “System Administrator” role in the Power Apps environment (typically the default environment in a tenant). However, following the principle of least privilege, we recommend creating a custom security role in the P4TW environment that provides read permissions to the Project for the web tables and no others.

Steps to create a custom security role for P4TW DataReader

  • Access the Power Apps admin portal at https://admin.powerapps.com
  • Once in the portal, select the environment where the changes must be applied
  • Click “Settings”
  • Expand the “Users + permissions” grouping and click “Security Roles”.
  • Click “New Role”.
  • Give the role a name. We have used the name “P4TW DataReader”, which we will reference throughout the steps below.
  • On the following tabs, provide “read” access to the following tables at an organizational level (full green circle).
    • “Service” tab
      • Bookable Resource
    • “Business Management” tab
      • User
    • “Custom Entities”
      • Project
      • Project Bucket
      • Project Task
      • Project Task Dependency
      • Project Team Member
      • Resource Assignment
      • Roadmap
      • Roadmap Item
      • Roadmap Item Link
      • Roadmap Row Link
      • Roadmap User Setting

An example of what this looks like is below for the last 5 tables on the “Custom Entities” tab. (Image: the Custom Entities tab)

  • Click “Save and close” to save the new security role.
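
The role defined above can be checked for drift after later customization. The following is an added example, not part of the original guide or any vendor tooling: it compares a list of grants against the table list above and reports anything beyond organization-level Read. The `(table, access, level)` tuple format and the sample grants are constructed assumptions, not a Dataverse export format.

```python
# Tables the guide grants organization-level Read on, by display name.
REQUIRED_READ = {
    "Bookable Resource", "User", "Project", "Project Bucket", "Project Task",
    "Project Task Dependency", "Project Team Member", "Resource Assignment",
    "Roadmap", "Roadmap Item", "Roadmap Item Link", "Roadmap Row Link",
    "Roadmap User Setting",
}


def audit_role(grants):
    """Return findings where a role departs from the read-only definition.

    grants: iterable of (table, access, level) tuples (assumed input format).
    """
    findings = []
    seen_read = set()  # listed tables that have Read at any level
    for table, access, level in grants:
        if access != "Read":
            # Any Create/Write/Delete/etc. exceeds a data-reader role.
            findings.append(f"excess: {access} on {table}")
        elif table not in REQUIRED_READ:
            findings.append(f"excess: Read on unlisted table {table}")
        else:
            seen_read.add(table)
            if level != "Organization":
                findings.append(
                    f"scope: Read on {table} is {level}, not Organization")
    for table in sorted(REQUIRED_READ - seen_read):
        findings.append(f"missing: Read on {table}")
    return findings


# Constructed sample: a role that has drifted from the definition.
SAMPLE_GRANTS = [
    (t, "Read", "Organization")
    for t in sorted(REQUIRED_READ - {"Roadmap Item", "Roadmap User Setting"})
] + [
    ("Project Task", "Write", "Organization"),   # write access crept in
    ("Account", "Read", "Organization"),         # table outside the list
    ("Roadmap Item", "Read", "Business Unit"),   # narrower than required
]

if __name__ == "__main__":
    for finding in audit_role(SAMPLE_GRANTS):
        print(finding)
```

An empty result means the role grants exactly the reads listed above and nothing else.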

Apply the New Custom Role to the Account Running the P4TW to Altus Dataflow(s)

Once the role has been created, it must be applied to the account whose credentials are used to authenticate the data flow from P4TW to Altus. The data flows for P4TW as an execution tool currently query data from the Project, Resource Assignment, and Project Task tables; however, to ease customization, we’ve defined the role above to access all potential P4TW or Roadmap data.

To apply the role:

  • Apply the new role to the user account that is running the data flows to Altus. This can be done in a number of ways; one is to navigate to the environment’s “Advanced Settings” using the “Settings” cog.
  • Click the “Settings” menu, then “Security”.
  • Click “Users”.
  • Find the user whose credentials will be used for the data flow to Altus. Click the checkbox next to the user name, then click “Manage Roles”.
  • Find the “P4TW DataReader” role and check the checkbox for it, then click “OK”.

Note

If you have created a new user account for NO OTHER purpose in your environment, you should not require any other roles. However, if the user is used for other purposes, please ensure that the appropriate roles required are left on the user.

Run the Data Flow to ensure that data is accessible for retrieval into Altus

Now the data flow can be either refreshed (if it was already configured), or it can be configured using the credentials for the account specified.