ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MB-400 All Questions

View all questions & answers for the MB-400 exam
Go to Exam

Exam MB-400 topic 9 question 3 discussion

Actual exam question from Microsoft's MB-400
Question #: 3
Topic #: 9
[All MB-400 Questions]

DRAG DROP -
You need to assign the minimum environment security role to the appropriate users.
Which security roles should you use? To answer, drag the appropriate security roles to the correct users. Each security role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Common Data Service User -
UserA must be able to create and publish PowerApps apps.
Common Data Service directly against your core business data already used within Dynamics 365 without the need for integration.
✑ Build Apps against your Dynamics 365 Data
✑ Manage reusable Business logic and rules
✑ Reusable skills across Dynamics 365 and Power Apps

Box 2: Environment Maker -
UserB must be the owner of all the systems and be able to provide permissions and create all new environments.
The Environment Maker role can create resources within an environment including apps, connections, custom connectors, gateways, and flows using Power
Automate.

Box 3: System Administrator -
UserC must be able to create apps connected to the systems and update the security roles and entities.
System Administrator is the highest level role which encompasses all the privileges and has over-riding rights. The System Administrator has the authority to allow and remove access of other users and define the extent of their rights. For example, the System Administrator and the System Customizer are given access to custom entities by default while all other users need to be given access. This is the only role that cannot be edited.

Box 4: System Customizer -
End users must have minimum access to the required systems.
Sales users must only have access to their own records.
The System Customizer role is similar to the System Administrator role which enables non-system administrators to customize Dynamics 365. A Customizer is a user who customizes entities, attributes and relationships.
Reference:
https://docs.microsoft.com/en-us/power-platform/admin/environments-overview https://crmbook.powerobjects.com/system-administration/business-administration/security-roles/
Configure Common Data Service
by fvolpe84 at June 6, 2020, 5:32 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rafilks
Highly Voted 4 years, 10 months ago
I bilieve that the correct answers are: A) System Customizer B) Environment Maker C) System Administrator D) Common Data Service Users https://docs.microsoft.com/en-us/power-platform/admin/database-security#predefined-security-roles
upvoted 23 times
Yuris
4 years, 10 months ago
I agree
upvoted 5 times
...
mgharably
4 years, 9 months ago
I guess B)Environment Maker is wrong, Because: Environment Maker Can create new resources associated (with an environment) *Not able to create all new environments. https://docs.microsoft.com/en-us/power-platform/admin/database-security#predefined-security-roles
upvoted 1 times
...
kennyk123
4 years, 8 months ago
D) Is correct as System Customizer . This is due to this statement "Pharmacy representatives must only be able to run the apps and access their own records." Accessing their own records is a key feature of System Customizer role.
upvoted 1 times
...
TaiH
4 years, 10 months ago
I am not agreed. A requires to create app only (not mentioned to have access to data inside the CDS) -> should be A) Environment Maker "Can create new resources associated with an environment, including apps, ..." from your link. B requires something with security and Environment Maker has nothing to do with security but Customization -> B should be environment admin, but since we do not have this option, I would choose B) System Administrator.
upvoted 15 times
Juan_Covili
4 years, 10 months ago
I agree TaiH.
upvoted 4 times
...
sandip_hs
4 years, 4 months ago
I agree
upvoted 1 times
...
...
...
paulcab
Highly Voted 4 years, 9 months ago
My answer would be UserA must be able to create and publish PowerApps apps. -> Enviromnent Maker UserB must be the owner of all the systems and be able to provide permissions and create all new environments. -> Sytem Admin UserC must be able to create apps connected to the systems and update the security roles and entities. -> system customizer All Employees -> Common Data Service User
upvoted 16 times
Aryabhatta
4 years, 5 months ago
System Customizers only have access to read roles, not to create, edit or delete.
upvoted 1 times
Aryabhatta
4 years, 5 months ago
So UserC should be System Administrator https://community.dynamics.com/crm/f/microsoft-dynamics-crm-forum/75815/i-have-system-customizer-role-how-do-i-update-the-permissions-of-a-security-role/139536
upvoted 1 times
...
...
...
fp75bo
Most Recent 4 years, 4 months ago
1. EM 2. SA (owner of all the system) 3. SA (roles update) 4. CDSU
upvoted 8 times
...
SonGoku
4 years, 4 months ago
Env Maker Sys Admin Sys Cust CDS User See the notes section below security role here: https://docs.microsoft.com/en-us/power-platform/admin/database-security For users who make apps that connect to the database and need to create or update entities and security roles, you need to assign the System Customizer role in addition to the Environment Maker role. This is necessary because the Environment Maker role doesn't have privileges on the environment's data.
upvoted 3 times
...
sandip_hs
4 years, 4 months ago
A : EM B: SA C: SA D: CDS User
upvoted 2 times
...
Horrid
4 years, 7 months ago
UserA - create & publish apps = Environment Maker UserB - the owner of all the systems and be able to provide permissions... = System Admin UserC - create apps connected to the systems and update... = System Admin All Users - everyone needs at least minimum privileges = CDS User Pharmacy rep - does not have ability to customize only run app and access owned record = CDS User We do not need to look at other. Reference: https://docs.microsoft.com/en-us/power-platform/admin/database-security#predefined-security-roles
upvoted 5 times
lakshmi
4 years, 5 months ago
I am presuming that what is required is here that each User gets the lowest security role to perform his/her job; So for User C who needs to create apps, update roles and entities, the role of Customizer should be sufficient.
upvoted 2 times
lakshmi
4 years, 5 months ago
Otherwise, User A is Environment maker User B is Sys Admin and all other users are CDS Users
upvoted 1 times
...
Oda
4 years, 5 months ago
Sys Customizer cannot update Security Roles
upvoted 1 times
...
...
...
maramar
4 years, 8 months ago
a-Env. maker b-system admin c-system admin d-CDS user
upvoted 6 times
...
mgharably
4 years, 9 months ago
I guess, a-Env. maker b-sys customizer c-sys admin (because of update the security roles) d-CDS user
upvoted 4 times
...
ClairFraser
4 years, 10 months ago
UserA must be able to create and publish PowerApps apps. - Environment Maker UserB must be the owner of all the systems and be able to provide permissions and create all new environments. - Environment Admin UserC must be able to create apps connected to the systems and update the security roles and entities.- System Administrator Pharmacy representatives must only be able to run the apps and access their own records. - CDS User
upvoted 1 times
...
danosagi
4 years, 11 months ago
Can anyone point out the correct answer? It seems to be a very confusing question. UserA: "Common Data Service Users" do have the right to create and publish powerapps apps right? UserB: "Environment Maker" seem not to have privilege to access data, but if not "Environment Maker" what is the answer? UserC: must be "system admin" since others can't update security roles. All employees: Shall be Users who are restricted access to their own records. System Customizer give them more privilege than just accessing their own records.
upvoted 2 times
...
fvolpe84
4 years, 11 months ago
I think this is wrong, see below: https://docs.microsoft.com/en-us/power-platform/admin/database-security
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago