You have two Microsoft Power Platform environments. Users in one environment must not be able to see the other environment. You need to grant salespeople access to the sales company environment. What should you do?
A.
Add salespeople to an Office 365 security group.
B. Add salespeople to a security role. - By adding salespeople to a specific security role within the sales company environment, you can control their access and permissions within that environment. The security role defines the privileges and restrictions that users have in terms of accessing and manipulating data and functionality within the environment.
Adding salespeople to a security role ensures that they have the necessary permissions to perform their job functions within the sales company environment while maintaining the separation and isolation between the two environments, preventing users from one environment from seeing the other.
Option A - Adding salespeople to an Office 365 security group - may be useful for managing access to other Office 365 resources but is not specifically tied to controlling access within the Power Platform environments.
You can create an AAD security group team in Power Platform/D365 linked to the security group and assign roles to the team. Any team members added to the security group will inherit those roles
Think of it like this: You are going to a Party (Environment) with a Group of Friends (Security Group), once you enter the Party, you can have a defined Role (Security role) such as DJ, Bartender, Logistic or simply Invited
Option A. is not the correct approach in this scenario because Office 365 security groups control access to resources at the broader Office 365 level (like SharePoint sites, Teams, or mailboxes) and do not directly manage access within specific Power Platform environments or apps.
B. Add salespeople to a security role
Security roles in Power Platform define what actions a user can perform and what data they can interact with. By adding the salespeople to a security role that has access to the sales company environment, you can ensure they have the necessary permissions. This method also ensures that users in one environment cannot see the other environment, as security roles are specific to the environment they are created in.
Office 365 security groups (Option A) can be used to manage user access at a higher level, they are not environment-specific.
Options C and D involve setting privileges and app security, which are components of a security role, but do not directly add users to an environment. Therefore, these options might not fully meet the requirements.
My read on this one is that once a user is in the environment, you can add them to a security role--but just adding a group of users to a security role does not prevent OTHER users from seeing the environment.
Adding users to a security group and assigning it to the environment, however, does.
From the cited doc:
When a security group is associated with an existing environment with users, all users in the environment that are not members of the group will be disabled.
The way I read it, adding users to the M365 group DOES immediately prevent anyone who's not in that group from seeing the environment, which is the core goal of the question.
A is not the complete answer, but rather the first step of granting salespeople access to the environment. You add them to a security group, then you assign a security role to its members, or to the entire SG.
https://learn.microsoft.com/en-us/power-platform/admin/control-user-access
To grant salespeople access to the sales company environment and ensure users from one environment cannot see the other, you should consider using:
B. Add salespeople to a security role.
Explanation:
Add salespeople to a security role (Option B): Security roles in the Power Platform allow you to define sets of permissions for users. By adding salespeople to a specific security role in the sales company environment, you can control their access to data and functionality within that environment. This helps ensure that users in one environment cannot see or access data in the other.
Options A, C, and D may not directly address the requirement to restrict visibility between environments:
This section is not available anymore. Please use the main Exam Page.PL-200 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
xoshi23
Highly Voted 3 years, 10 months agoinscho
Highly Voted 2 years, 1 month agobraddles
2 months, 1 week agoAkin_Eren
Most Recent 1 week, 1 day agoMikmok
2 months, 2 weeks agoLSTR1995
2 months, 2 weeks agoLSTR1995
2 months, 2 weeks agoBRIS776
3 months, 2 weeks agol1f06mbam2015
5 months, 2 weeks agostylist
6 months, 1 week agoraband
8 months agocuriousEngine
9 months agoAbdullah7
10 months ago5f14337
11 months, 1 week agoSmith_S
1 year agoitenginerd
1 year, 1 month agoLRRooster
1 year, 2 months agogina_the_boss
1 year, 4 months agoNickybambi
1 year, 6 months ago