Exam PL-200 topic 1 question 40 discussion

Answer is: Box 1 - 1 Box 2 - 2 - The business unit will have a default team, so just assign to roles to it instead of creating a new Team - Parent: Child can only be assigned as a permission and not a security role, e.g you can give Parent: Child... on create, write, delete... on an entity within a security role.

Both are incorrect: For Box 1 the correct answer should be option 1 as the docs claims: "You can assign a security role to the business unit's default team. This is done to simplify security role management where all your business unit team members can share the same data access." And for Box 2, the correct answer should be Option 2, as docs claims: "Deep. This access level gives a user access to records in the user's business unit and all business units subordinate to the user's business unit. Users who have Deep access automatically have Local and Basic access, also. Because this access level gives access to information throughout the business unit and subordinate business units, it should be restricted to match the organization's data security plan. This level of access is usually reserved for managers with authority over the business units. The application refers to this access level as Parent: Child Business Units."

was on test May 14 2024

1 and 2

Each business unit has a default team. You can't update the default team's name, nor delete the default team. You can't add or remove users from the business unit's default team. However, you can change the user's current business unit to the new business unit and the user will automatically be added to the business unit's default team. You can assign a security role to the business unit's default team. This is done to simplify security role management where all your business unit team members can share the same data access. https://learn.microsoft.com/en-us/power-platform/admin/create-edit-business-units

In a setting with sub-sub business units, in the background the system creates several security role records (including the parent root role), each one of them related to a business unit all 3 are wrong a) As it is written I would understand to grant(apply) a user in the A-Team business unit the security role record ‘from’ the sub business unit A1. I would not do that (maybe wit xml edit or any ploy you could manage this). B) I jumped for this solution first but there are 2 reasons why it is down wrong: first, the permissions are granted on roles, not on users (wrong entity!). Second, it is not a permission but an access level. c) Means the opposite from a) give a user e.g. in business unit B-Team the (parent root) role record ‘from’ root business unit CRM... Which answer is the least wrong? The answer B) that has 2 wrong components or one of the others..?

In a setting with sub-sub business units, in the background the system creates 5 security role records (including the parent root role), each one of them related to a business unit. all 3 are wrong a) As it is written I would understand to grant(apply) a user in the A-Team business unit the security role record ‘from’ the sub business unit A1. I would not do that (maybe wit xml edit or any ploy you could manage this). B) I jumped for this solution first but there are 2 reasons why it is down wrong: first, the permissions are granted on roles, not on users (wrong entity!). Second, it is not a permission but an access level. c) Means the opposite from a) give a user e.g. in business unit B-Team the (parent root) role record ‘from’ root business unit CRM... Which answer is the least wrong? The answer B) that has 2 wrong components or one of the others..?

all 3 are wrong a) As it is written I would understand to grant(apply) a user in the A-Team business unit the security role record ‘from’ the sub business unit A1. I would not do that (maybe wit xml edit or any ploy you could manage this). B) I jumped for this solution first but there are 2 reasons why it is down wrong: first, the permissions are granted on roles, not on users (wrong entity!). Second, it is not a permission but an access level. c) Means the opposite from a) give a user e.g. in business unit B-Team the (parent root) role record ‘from’ root business unit CRM... Which answer is the least wrong? The answer B) that has 2 wrong components or one of the others..? I would go for b.

Box 2 - 1 is correct. You need to allow access to just one particular BU. Not all children.

I think the options are correct 1 and 3. If you look a bit deeper to the question it says "5,000 users. You need to configure security roles for the company while minimizing administrative effort" Q1: Apply a security tole to everyone in A business unit (it doesn't specify that this is the root one) So apart of the root BU, if we have another one, we need to create a new team for that BU and assign it to the BU as by default the new BU doesn't have team when was created. So this is the minimum effort to apply a security role to everyone from A BU. Q2: Ensure an individual can see records in THEIR current business unit and a CHILD unit - if i'm the admin, i will use the new functionality "Matrix data access structure" to provide access to a data from another BU by assigning a role from that unit, instead of going to the role in the user's BU and modify the level one-by-one, which will apply for EVERY user in that BU and the question also says "Ensure an individual"

Question was on test 3/2023

Box 1 Is very likely the first option: "Every Business Unit has one default team that is automatically created when the Business Unit is created" If they want to apply the security role to every person in a business unit then this is the fastest and easiest way, Creating a new team is unnecessary

This is a horrible question. I would say that q1 = a1 and q2 = a1 BUT you can't directly add a security role from another BU, that can only be done by adding the user to a Team from another BU that has a security role applied to it AND you can't add a user to a default BU Team. I think they've made this purposefully confusing.

this question is kept on 23/11/2022

If you read the question `you need to configure security roles for the company while minimizing administrative effort`, then the box 1 will be option 1, if minimizing administrative effort not mentioned, option 3 is also correct.

Box 2 Parent: Child Business Units "Deep. This access level gives a user access to records in the user's business unit and all business units subordinate to the user's business unit. Users who have Deep access automatically have Local and Basic access, also. Because this access level gives access to information throughout the business unit and subordinate business units, it should be restricted to match the organization's data security plan. This level of access is usually reserved for managers with authority over the business units. The application refers to this access level as Parent: Child Business Units" https://learn.microsoft.com/en-us/power-platform/admin/security-roles-privileges

I would choose answer 1 for both questions.