Home
News
Altus Technical Docs
Home
News
Altus Technical Docs
Sign in
Important Notes
Help Centre
Choose your own adventure
Getting Started
Strategy
Initiatives ⟩ Portfolios and Programs
Initiatives ⟩ Projects
Initiatives ⟩ Work
Initiatives ⟩ Proposals
Initiatives ⟩ Ideas
Resources
Administration
Understanding administration boundaries in Altus
Managing users and security permissions
Describe the default roles and security models in AltusSet up security groups (teams) via Power Platform admin centreManage user access via linked Microsoft 365 groups Set up a custom security role by copying a default roleDescribe special cases and permissions chartImplement Azure Active Directory (AAD) synchronisationCheck effective user rights within a recordGrant ‘Member’ access to Power BI Workspace for Insights Security Troubleshooting Playbook for Altus
Managing system and configuration settings

Set up security groups (teams) via Power Platform admin centre

Security groups in Power Platform are used to manage access to Altus environments and data at scale.

In Altus, these groups are linked to Dataverse Teams, allowing administrators to assign security roles to groups of users rather than individuals.

This approach supports centralised access management, aligning with organisational structures and simplifying onboarding and offboarding.

For more information on Altus security configuration, refer to:
https://docs.altus.pro/products/AltusPPM/Configuration/Security/index.html

Important: Platform & Permissions

This configuration is not managed within Altus directly.

It requires access to:

  • Power Platform Admin Centre
  • Microsoft Entra ID (Azure Active Directory)

These tasks typically require:

  • System Administrator (Power Platform)
  • Global Admin or User Admin (Microsoft 365 / Entra ID)

Where This Is Configured

  • Power Platform Admin Centre → Environments
  • Settings → Users + Permissions → Teams

High-Level Steps

  1. Navigate to Power Platform Admin Centre
  2. Select the relevant environment
  3. Go to Settings → Users + Permissions → Teams
  4. Select Create Team
  5. Configure the team:
    • Team Type = Microsoft Entra ID Security Group or Microsoft 365 Group
    • Select the relevant group
  7. Assign one or more Security Roles to the team
  8. Save the configuration

👉 For detailed Microsoft step-by-step instructions, refer to:
https://learn.microsoft.com/en-us/power-platform/admin/manage-group-teams

How Security Groups Work

  • A group created in Microsoft 365 / Entra ID is linked to a Dataverse Team
  • Security roles are assigned to the team
  • All group members inherit the team’s access permissions

Key behaviour:

  • Users are added or removed via the group membership
  • Access is granted when users access the environment
  • Permissions are applied consistently across all members

How This Impacts Altus

Security groups directly control access to:

  • Altus projects, programs, and portfolios
  • Work entities (e.g. Risks, Issues, Tasks, Deliverables)
  • Reporting and financial data

They also enable:

  • Team-based ownership of project data
  • Consistent access control across delivery teams
  • Scalable user management aligned with organisational structure

Key Considerations

  • Group membership is managed outside Altus (in Microsoft 365 / Entra ID)
  • Users may need to access the environment before appearing in some views
  • Roles should be assigned carefully to avoid over-permissioning
  • Align groups with teams, functions, or governance structures

Tips

  • Use groups instead of individual assignments wherever possible
  • Apply the least privilege principle
  • Align group naming with organisational standards
  • Regularly review group membership and assigned roles


Was this article helpful?

English
Powered by Product Fruits

Altus Help Centre