Microsoft Power Platform · Dataverse Security Roles
System Administrator
Highest Dataverse security role. Full control over the Dataverse environment including schema, security roles, and all data.
Scope: Single Dataverse-enabled environment
Permissions
- Schema - Create, modify, and delete tables, columns, relationships
- Security roles - Create and assign Dataverse security roles
- All records - Full create, read, update, delete, append, append-to, assign, share on all tables
- Solutions - Import, export, and manage solutions
- Business units - Manage the business unit hierarchy
- Field security - Configure column-level security profiles
Common use cases
- Dataverse platform owner
- Solution implementer (typically removed post-deployment)
Best practices
- Cannot be removed from Environment Admins automatically
- Limit to 2-3 users per environment
- Document why each System Administrator needs the role
Security considerations
- Bypasses business unit and field-level security
- Can grant System Administrator to others
- Cannot be assigned via security groups inside Dataverse (assigned directly to users)
Common questions
When should I assign the System Administrator role?
Assign System Administrator when you need to: Dataverse platform owner; and Solution implementer (typically removed post-deployment). It is part of Microsoft Power Platform and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the System Administrator role do?
The System Administrator role grants permissions including: Schema - Create, modify, and delete tables, columns, relationships; Security roles - Create and assign Dataverse security roles; All records - Full create, read, update, delete, append, append-to, assign, share on all tables; Solutions - Import, export, and manage solutions; Business units - Manage the business unit hierarchy; and Field security - Configure column-level security profiles. See the Permissions section above for the full list.
What are the security risks of the System Administrator role?
Key considerations when assigning System Administrator: Bypasses business unit and field-level security; Can grant System Administrator to others; and Cannot be assigned via security groups inside Dataverse (assigned directly to users). Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.