Security role | Database privileges* | Description |
---|---|---|
Environment Admin | Create, Read, Write, Delete, Customizations, Security Roles | The Environment Admin role can perform all administrative actions on an environment, including the following:
|
Environment Maker | Customizations | Can create new resources associated with an environment, including apps, connections, custom APIs, gateways, and flows using Microsoft Power Automate. However, this role doesn't have any privileges to access data within an environment. More information: Environments overview |
System Administrator | Create, Read, Write, Delete, Customizations, Security Roles | Has full permission to customize or administer the environment, including creating, modifying, and assigning security roles. Can view all data in the environment. More information: Privileges required for customization |
System Customizer | Create (self), Read (self), Write (self), Delete (self), Customizations | Has full permission to customize the environment. However, users with this role can only view records for environment entities that they create. More information: Privileges required for customization |
Common Data Service User | Read (self), Create (self), Write (self), Delete (self) | Can run an app within the environment and perform common tasks for the records that they own. Note that this only applies to non-custom entities. More information: Create or configure a custom security role |
Delegate | Act on behalf of another user | Allows code to impersonate, or run as another user. Typically used with another security role to allow access to records. More information: Impersonate another user |
Support User | Read Customizations, Read Business Management settings | Has full Read permission to customization and business management settings to allow Support staff to troubleshoot environment configuration issues. Does not have access to core records. |