exam questions

Exam PL-900 All Questions

View all questions & answers for the PL-900 exam

Exam PL-900 topic 1 question 26 discussion

Actual exam question from Microsoft's PL-900
Question #: 26
Topic #: 1
[All PL-900 Questions]

HOTSPOT -
A company creates the following Microsoft Power Platform environments to manage a custom model-driven app:
✑ Development
✑ Production
You have been granted the System Administrator security role to the development environment and a custom security role named Project Team Member to the production environment.
Instructions: For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: No -
You already have this access as a System Administrator.
Users who have the Environment Maker, System Administrator, or System Customizer security role can access and edit all model-driven apps within the environment. This is because these security roles have create, read, and write privileges on the Model-driven App table.

Box 2: Yes -
If you are the System Administrator role in your CDS (Common Data Service), you would have full permission to customize or administer the environment, including creating, modifying, and assigning security roles.
Currently, within PowerApps, there is no way to prevent CDS System Administrator role from deleting a record in an Entity.

Box 3: No -
Other security options are available.
Also, there is no information on what the custom Project Team Member role entails.
Note: Apps can be viewed by valid users with appropriate privileges who sign into Power Apps, the Power Apps mobile app, or Dynamics 365 home page. For a user to view and access apps in an environment, the following privileges, security role, or team membership are required:
A user who has the write or create privilege on the Model-driven App table makes the user a maker persona. That user can view and access all apps in the environment.
A user who has only the read privilege on the Model-driven App table, must also have the associated security role(s) that are assigned to the app (or equivalent).
Reference:
https://docs.microsoft.com/en-us/power-apps/maker/model-driven-apps/app-visibility-privileges https://docs.microsoft.com/en-us/power-platform/admin/database-security

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
stavrama
Highly Voted 2 years, 5 months ago
I think that: No Yes Yes is the correct answer. It says that you are sys admin on the dev environment so you will have full access . Since you are sys admin you can delete records in dev env. However on last question since you are assigned on a custom group, this group first need to have the appropriate rights on the prod env in order to have access.
upvoted 18 times
SHNH
2 years ago
It is not a custom group but a custom security role so the access has been assigned in what capacity is unknown but a custom security role means access.
upvoted 7 times
stavrama
1 year, 10 months ago
You are correct. It's No, Yes, No
upvoted 11 times
...
...
...
rahul_86
Most Recent 2 days, 9 hours ago
Yes - You will not be able to access the app until the System Administrator security role is assigned to the app in the development environment. Yes - You can delete records in the development environment. No - You will not be able to access the app until the Project Team Member security role is assigned to the app in the production environment.
upvoted 1 times
...
rahul_86
2 days, 9 hours ago
yes yes no
upvoted 1 times
...
FreddyKruger1
4 months, 3 weeks ago
#1 NO - You simply can't assign a security role to an app, period. You must assign it to a user, team or AD group. #2 YES - It says you've been assigned the System Administrator security role. With that, you have the power to delete records. #3 NO - Again, you can't assign a security role to and app. You must assign it to a user, team or AD group. And, it says you already have this role assigned to you as a user. That means you can change data on the underlying tables of the app while using the app. But, that's not app access. To get app access, it must be shared with you. App access and table(data) access are two different things.
upvoted 1 times
...
swatgo
1 year, 5 months ago
1) NO - System Administrator security role might be able to access an app within the environment without the need for the app-specific security role assignment. 2) Yes 3) Yes - A user who has only the read privilege on the Model-driven App , must also have the associated security role(s) that are assigned to the app (or equivalent).
upvoted 3 times
...
fusioner
1 year, 8 months ago
You will not be able to access the app until System Administrator security role is assigned to the app in development environment No You can delete the records in development environment Yes You will net be able to access the app until the project team member security role is assigned to the app in production environment No
upvoted 2 times
...
Maniula
1 year, 8 months ago
No - Yes - Yes For part three the explanation is here: https://learn.microsoft.com/en-us/power-apps/maker/model-driven-apps/share-model-driven-app
upvoted 2 times
...
Moiz1031
1 year, 10 months ago
Part 3 - The question says the custom role named Project Team Member is assigned to the user but the same custom role must be assigned to the app as well in the Production. The answer should be YES.
upvoted 3 times
...
pawlinne17
1 year, 10 months ago
no, yes, no, because the role is assigned to YOU and not the app
upvoted 2 times
Maniula
1 year, 8 months ago
No, for model-driven apps roles are assigned to the app too
upvoted 4 times
...
...
Vipy
1 year, 11 months ago
No YES YES - you need to go to apps and then select manage roles and then select the custom role so that the person with that role will be able to access the App.
upvoted 4 times
...
SHNH
2 years, 2 months ago
No Yes No- It states that you have been granted a custom security role so if you have been granted a security role you will be able to access the app on what security level we know but access if granted.
upvoted 1 times
Moiz1031
1 year, 10 months ago
In part 3, there is no mention in question that the custom role has already been assigned to the app, which is a must.So it should be YES.
upvoted 1 times
...
SHNH
2 years, 2 months ago
No Yes No- It states that you have been granted a custom security role so if you have been granted a security role you will be able to access the app on what security level we don't know but access is granted.
upvoted 1 times
...
Soma1995
2 years, 1 month ago
For third option: --- Yes There is no information on what the custom Project Team Member role entails. Note: Apps can be viewed by valid users with appropriate privileges who sign into Power Apps, the Power Apps mobile app, or Dynamics 365 home page. For a user to view and access apps in an environment, the following privileges, security role, or team membership are required: A user who has the write or create privilege on the Model-driven App table makes the user a maker persona. That user can view and access all apps in the environment. A user who has only the read privilege on the Model-driven App table, must also have the associated security role(s) that are assigned to the app (or equivalent). Reference: https://docs.microsoft.com/en-us/power-apps/maker/model-driven-apps/app-visibility-privileges https://docs.microsoft.com/en-us/power-platform/admin/database-security
upvoted 3 times
...
...
SaltnPepper78
2 years, 3 months ago
I think it is No Yes No - it was not mention that the group assigned has appropriate access to app or if it there are other groups available the other users can select.
upvoted 1 times
...
rober13
2 years, 4 months ago
I think it is : NO : you have access to enviroment it is more than app YES : you have access to enviroment it is more than register YES : you cann't access to production enviroment for custom role
upvoted 1 times
...
stavrama
2 years, 5 months ago
I don't understand why No is the correct answer on 3rd question since on the article it says that: Create or configure a custom security role If your app uses a custom entity, its privileges must be explicitly granted in a security role before your app can be used. You can either add these privileges in an existing security role or create a custom security role. On the question it is written that a custom security role is created but it doesn't say anything about granting rights on an existing security role.
upvoted 1 times
...
Vimbsu
2 years, 5 months ago
on the 3rd question i think its No. Why? We are not told of any other group the user is assigned to (least privilege).
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago