Microsoft Power Platform · Dataverse Security Roles

Support User

Read-only access across most Dataverse tables for support and troubleshooting scenarios. Cannot modify data or schema.

Scope: Single Dataverse environment - read-only across most data for support

Permissions

  • Read - User-level read across most Dataverse tables
  • Read system jobs and async operations
  • No write/delete - Cannot modify records
  • No schema - Cannot create or modify tables/columns

Common use cases

  • Support engineers diagnosing user issues
  • Tier 2/3 helpdesk reviewing system jobs and workflow runs
  • Customer service representatives investigating record state without modifying it

Best practices

  • Use for read-only support personnel instead of granting full System Administrator
  • Pair with the relevant app-specific custom role if write actions are sometimes needed

Security considerations

  • Read access spans most of Dataverse including potentially sensitive tables - review which tables exist before assigning

Common questions

When should I assign the Support User role?

Assign Support User when you need to: Support engineers diagnosing user issues; Tier 2/3 helpdesk reviewing system jobs and workflow runs; and Customer service representatives investigating record state without modifying it. It is part of Microsoft Power Platform and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Support User role do?

The Support User role grants permissions including: Read - User-level read across most Dataverse tables; Read system jobs and async operations; No write/delete - Cannot modify records; and No schema - Cannot create or modify tables/columns. See the Permissions section above for the full list.

What are the security risks of the Support User role?

Key considerations when assigning Support User: Read access spans most of Dataverse including potentially sensitive tables - review which tables exist before assigning. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →