Exam PL-900 topic 1 question 116 discussion

Correct https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/developer/security-dev/use-field-security-control-access-field-values

D. field level Security layers in order from least to most restrictive (shown in link at bottom) : A. App-level (whether or not they can use app Form-level (seems to be for model-driven apps only) C. Record-level (akin to row in excel) D. Field-level (akin to individual cell in excel) Note: B. "task-level" security doesn't seem to exist, at least in power apps They don't specify how the canvas app is designed so we're not sure whether the contractors would need to enter/edit a whole record or just a field for their time entries. Therefore we always want to use the industry-standard security principle of least privilege. In other words, don't give them Record-level security which is more than they might need for this particular question. Always err on the side of caution and keeping things at max level of security. https://learn.microsoft.com/en-us/power-apps/guidance/planning/security

shouldn't they be able to create a new time entry aka a permission to create a new record?

yee!!!

Record level is what you would use but in order to do this it is dependent on field-level security.

Of the options given, I'm going to choose record-level. This will allow them to create new rows for their entries. Ideally, I'd just hide all functionality that they shouldn't see. Problem solved. Or, have a single-function app. Anyway, the expense report example on this page supports my record-level answer. https://docs.microsoft.com/en-us/power-apps/guidance/planning/security Field-level would prevent them from creating new rows.

D is the correct choice here

"For example, you use this to enable only certain users to read or update the credit score for a customer." - on field security I would say that this scenario is similar to that of entering time.

correct (https://docs.microsoft.com/en-us/power-platform/admin/field-level-security)

task-level doesn't exist. so B is rubbish C record level is satisfactory as contractors have to effectively create new record every time they submit time they have worked on project.

Should be Task level

For me the answer is B). Field-level is recommended to use it only in exceptional situations like hiding bank account number or the phone number on the CEO file for all people but HR Manager. It is nonsense to use that level of control to manage a timesheet entry. Also, that control consumes a lot of resources so it is not recommended to use it massively. For me is b) Task-level or more recently the Form-level because identity which form the user has access (Create a timesheet). Record-level (c) is for define what we can do in that report (create, update, delete) but the main effort is on to define that the contractor has access to that form only https://docs.microsoft.com/en-us/powerapps/guidance/planning/security

In fact this would only prevent the contractors from adding other data to VIA the app. But if this app has others screens etc, field level security will not prevent them from doing "stuff" on those screens. Bit of a tricky question..

Application level - it says they must not be able to perform any other action in the APP