Microsoft Power Platform · Dataverse Security Roles

System Administrator

Highest Dataverse security role. Full control over the Dataverse environment including schema, security roles, and all data.

Scope: Single Dataverse-enabled environment

Permissions

  • Schema - Create, modify, and delete tables, columns, relationships
  • Security roles - Create and assign Dataverse security roles
  • All records - Full create, read, update, delete, append, append-to, assign, share on all tables
  • Solutions - Import, export, and manage solutions
  • Business units - Manage the business unit hierarchy
  • Field security - Configure column-level security profiles

Common use cases

  • Dataverse platform owner
  • Solution implementer (typically removed post-deployment)

Best practices

  • Cannot be removed from Environment Admins automatically
  • Limit to 2-3 users per environment
  • Document why each System Administrator needs the role

Security considerations

  • Bypasses business unit and field-level security
  • Can grant System Administrator to others
  • Cannot be assigned via security groups inside Dataverse (assigned directly to users)

Common questions

When should I assign the System Administrator role?

Assign System Administrator when you need to: Dataverse platform owner; and Solution implementer (typically removed post-deployment). It is part of Microsoft Power Platform and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the System Administrator role do?

The System Administrator role grants permissions including: Schema - Create, modify, and delete tables, columns, relationships; Security roles - Create and assign Dataverse security roles; All records - Full create, read, update, delete, append, append-to, assign, share on all tables; Solutions - Import, export, and manage solutions; Business units - Manage the business unit hierarchy; and Field security - Configure column-level security profiles. See the Permissions section above for the full list.

What are the security risks of the System Administrator role?

Key considerations when assigning System Administrator: Bypasses business unit and field-level security; Can grant System Administrator to others; and Cannot be assigned via security groups inside Dataverse (assigned directly to users). Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →