ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam PL-600 All Questions

View all questions & answers for the PL-600 exam
Go to Exam

Exam PL-600 topic 2 question 69 discussion

Actual exam question from Microsoft's PL-600
Question #: 69
Topic #: 2
[All PL-600 Questions]

HOTSPOT
-

A company has a Power Apps app and uses Microsoft Dataverse for data storage.

The company plans to provide employees the ability to create the following:

• Data loss prevention (DLP) policies that are at the environment level.
• Applications that allow employees to access only the activity records that they create.

You need to identify the security roles that the employees require.

Which security roles should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by dbc2c96 at April 8, 2024, 9:02 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Hamed64
1 week, 2 days ago
Create DLP policies at the environment level Power Platform Admin Create apps with user-specific activity access Environment Maker
upvoted 1 times
...
CoderF
4 months, 3 weeks ago
1- Power Platform admin permissions. 2 - System customizer
upvoted 4 times
loftuscheek
3 months, 2 weeks ago
this is correct
upvoted 1 times
loftuscheek
3 months, 2 weeks ago
sorry its 1 system admin 2 system custom
upvoted 2 times
...
...
...
ziggy1117
5 months, 1 week ago
1. System Administrator Environment-level policies - For environments with a Dataverse database, you need to be assigned the System Administrator role instead. https://learn.microsoft.com/en-us/power-platform/admin/prevent-data-loss 2. System Customizer - Has full permission to customize the environment. Can view all custom table data in the environment. However, users with this role can only view records that they create in Account, Contact, Activity tables. https://learn.microsoft.com/en-us/power-platform/admin/database-security
upvoted 2 times
...
SirajM
1 year, 2 months ago
for 2nd one, The Service Reader role can only be assigned to an app user. it cannot be assigned to licensed users. so ruled out. why is it environment maker ? even this role doesn't have any privileges to access data in an environment. https://learn.microsoft.com/en-us/power-platform/admin/database-security#predefined-security-roles
upvoted 3 times
ryanzombie
7 months, 1 week ago
2nd should be System Customizer. The requirement provided is "Applications that allow employees to access only the activity records that they create" which is in line with the notes on the System Customizer role in your provided link.
upvoted 4 times
Tootru2bReal
5 months, 3 weeks ago
I am really trying to figure out WHO is actually providing the answers to these questions smh. It certainly cannot be people that work in this environment every day. 1) Power Platform Admin (Global can set tenant wide policies & the other role Environment Admin can set DLP as well. But that's NOT an option and do not get Sys Admin confused. That is two entirely different roles). https://learn.microsoft.com/en-us/power-platform/admin/prevent-data-loss. I like to provide links just for your reading. You will see "To create, edit, or delete data policies, you must have either Environment Admin or Power Platform admin permissions."
upvoted 1 times
Tootru2bReal
5 months, 3 weeks ago
2) The wording is tricky here. I would go with "Environment Maker" because the requirement is to ONLY create the application. I as well initially thought System Customizer, but the missing or other part to this would be the role that is actually assigned to the users using the app to determine what they can see. I understand the question to be, "the role required to create the application". Microsoft and their wording again.
upvoted 1 times
Tootru2bReal
5 months, 2 weeks ago
Was testing a few things out and I #1 should be System Admin, especially in a Dataverse environment. Environment Admin is for non-Dataverse environments. And the requirement was for "Environment level" policies and not "Tenant level". 1. Sys Admin 2. Environment Maker (role needed just to create the application. Not apply permissions on the data).
upvoted 2 times
Tootru2bReal
5 months, 2 weeks ago
Ok! I will never second guess myself again. I knew I wasn't going crazy lol. In the Power Platform, a System Admin generally has broader administrative capabilities across the entire tenant, but they cannot manage Data Loss Prevention (DLP) policies unless they also have the Power Platform Admin or Environment Admin roles. To manage DLP policies, the user must have one of the following roles: Power Platform Admin: Can create and manage both tenant-level and environment-level DLP policies. Environment Admin: Can create and manage DLP policies within specific environments. In summary, while a System Admin has extensive privileges, they must also have the specific Power Platform Admin or Environment Admin roles to manage DLP policies.
upvoted 1 times
...
...
...
...
WASSIM2020
6 months ago
Both system writer and system customiser can create app ChatGPT : The term System Writer isn't a widely used or defined standard role in the broader Microsoft 365 ecosystem. However, if you're referring to roles like System Customizer in Dynamics 365 or Environment Maker in Power Platform, those roles enable users to write and make customizations within the system. If you have a more specific platform or context in mind, please let me know!
upvoted 1 times
WASSIM2020
5 months, 1 week ago
sorry, i mean Enviroment Maker and System customizer
upvoted 1 times
...
...
...
...
axl_197
1 year, 2 months ago
1)sysadmin administrator https://learn.microsoft.com/en-us/power-platform/admin/create-dlp-policy https://learn.microsoft.com/en-us/power-platform/admin/use-service-admin-role-manage-tenant 2)environment maker
upvoted 1 times
...
AGTraining
1 year, 2 months ago
1) System Administrator 2) Environment Maker. "Service Reader". Has full Read permission to all entities, including custom entities. This role is primarily used by the service and requires reading all entities. This role can't be assigned to a user or team."
upvoted 1 times
...
99e5f90
1 year, 2 months ago
I guess the answers are correct. You need system administrator for environmental level DLP setting to f it is connected with Dataverse. https://learn.microsoft.com/en-us/power-platform/admin/create-dlp-policy With service writer permission, they can edit privileges. https://learn.microsoft.com/en-us/power-platform-release-plan/2020wave2/data-platform/new-service-reader-service-writer-security-roles
upvoted 1 times
99e5f90
1 year, 2 months ago
Sorry the 2nd answer is Environment Maker
upvoted 3 times
...
...
Jef3003
1 year, 2 months ago
1) sysadmin 2) service writer These security roles are managed by the system and cannot be updated by the local administrator. These roles have read access to all out-of-the-box tables, including custom tables. The Service Writer role has create and update privileges to all out-of-the-box and custom tables.
upvoted 2 times
ryanzombie
7 months, 1 week ago
You cannot assign the Service Writer role to Employees according to https://learn.microsoft.com/en-us/power-platform/admin/database-security#predefined-security-roles Additionally, the requirement is "Applications that allow employees to access only the activity records that they create". This falls in line with "System Customizer Has full permission to customize the environment. Can view all custom table data in the environment. However, users with this role can only view records that they create in Account, Contact, Activity tables." via the same link above. 1) System Administrator 2) System Customizer
upvoted 4 times
...
...
dbc2c96
1 year, 2 months ago
What is the correct answer?
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel