Home
News
Altus Technical Docs
Home
News
Altus Technical Docs
Sign in
Important Notes
Help Centre
Choose your own adventure
Getting Started
Strategy
Initiatives ⟩ Portfolios and Programs
Initiatives ⟩ Projects
Initiatives ⟩ Work
Initiatives ⟩ Proposals
Initiatives ⟩ Ideas
Resources
Administration
Understanding administration boundaries in Altus
Managing users and security permissions
Describe the default roles and security models in AltusSet up security groups (teams) via Power Platform admin centreManage user access via linked Microsoft 365 groups Set up a custom security role by copying a default roleDescribe special cases and permissions chartImplement Azure Active Directory (AAD) synchronisationCheck effective user rights within a recordGrant ‘Member’ access to Power BI Workspace for Insights Security Troubleshooting Playbook for Altus
Managing system and configuration settings

Set up a custom security role by copying a default role

Custom security roles allow organisations to tailor access beyond the default roles provided by Altus and Dataverse.

They are typically used when:

  • Default roles do not fully meet governance requirements
  • More granular control is required across functional areas

For more information on Altus security configuration, refer to:
https://docs.altus.pro/products/AltusPPM/Configuration/Security/index.html

Important: Platform & Permissions

Custom roles are not configured within Altus UI.

They are managed in:

  • Power Platform Admin Centre
  • Dataverse security settings

These tasks typically require:

  • System Administrator-level access

Recommended Approach

Custom roles should always be created by:

  • Copying an existing security role
  • Modifying permissions to suit requirements

This ensures:

  • Required base permissions are preserved
  • Configuration is faster and more reliable

High-Level Steps

  1. Navigate to Power Platform Admin Centre
  2. Select the relevant environment
  3. Go to:
    • Settings → Users + Permissions → Security Roles
  5. Select an existing role
  6. Choose Copy Role
  7. Enter a new role name
  8. Update permissions and access levels
  9. Save and assign the role to users or teams

👉 For detailed Microsoft step-by-step instructions, refer to:
https://learn.microsoft.com/en-us/power-platform/admin/copy-security-role

How Security Roles Work

Security roles define:

  • Privileges (e.g. Create, Read, Update, Delete, Assign, Share)
  • Scope (User, Business Unit, or Organisation level)

Users can have multiple roles, and permissions are cumulative. [learn.microsoft.com]

How This Impacts Altus

Custom roles control:

Access to:

  • Projects and work entities
  • Financial data and reporting
  • Configuration and administrative features

Ability to:

  • Create, edit, approve, or manage records
  • Perform administrative or governance functions

They are key to:

  • Enforcing governance models
  • Meeting compliance requirements
  • Supporting different user personas

Additional Reference

For detailed Microsoft guidance on assigning and managing security roles, refer to:
https://learn.microsoft.com/en-us/power-platform/admin/assign-security-roles

Key Considerations

  • Always base new roles on existing roles (do not start from scratch)
  • Do not modify default roles directly
  • Follow the least privilege principle
  • Test roles before assigning broadly
  • Periodically review and maintain role configurations


Was this article helpful?

English
Powered by Product Fruits

Altus Help Centre