You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: powerapps-docs/maker/common-data-service/create-edit-entity-relationships.md
+30-4
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,7 @@
1
1
---
2
-
title: "Entity relationships overview for Common Data Service | MicrosoftDocs"
2
+
title: "About entity relationships for Common Data Service | MicrosoftDocs"
3
3
ms.custom: ""
4
-
ms.date: 04/13/2020
4
+
ms.date: 08/17/2020
5
5
ms.reviewer: ""
6
6
ms.service: powerapps
7
7
ms.suite: ""
@@ -22,7 +22,7 @@ search.app:
22
22
- "PowerApps"
23
23
- D365CE
24
24
---
25
-
# Entity relationships overview
25
+
# Entity relationships
26
26
Entity relationships define how records can be related to each other in the database. At the simplest level, adding a lookup field to an entity creates a new 1:N (one-to-many) relationship between the two entities and lets you put that lookup field in a form. With the lookup field, users can associate multiple *child* records of that entity to a single *parent* entity record.
27
27
28
28
Beyond simply defining how records can be related to other records, 1:N entity relationships also provide data to address the following questions:
@@ -142,8 +142,34 @@ Because of parental relationships there are some limitations you should keep in
142
142
- A custom entity can't be the primary entity in a relationship with a related system entity that cascades. This means you can't have a relationship with any action set to **Cascade All**, **Cascade Active**, or **Cascade User-Owned** between a primary custom entity and a related system entity.
143
143
- No new relationship can have any action set to **Cascade All**, **Cascade Active**, or **Cascade User-Owned** if the related entity in that relationship already exists as a related entity in another relationship that has any action set to **Cascade All**, **Cascade Active**, or **Cascade User-Owned**. This prevents relationships that create a multi-parent relationship.
144
144
145
+
### Inherited access rights cleanup
146
+
147
+
Using Reparent and Share cascading behaviors are helpful when you want to provide access to records across related entities. But there can be a change in process or design that requires a change of the cascading behavior settings.
148
+
149
+
When an entity relationship uses Reparent or Share, and the cascading behavior is changed from **Cascade All** to **Cascade None**, the entity relationship prevents any new permission changes from cascading to the related child entities. In addition, inherited permissions that were granted while the cascading behavior was active must be revoked.
150
+
151
+
Inherited access rights cleanup is a system job that cleans up the legacy inherited access rights that remain after the cascading behavior is changed from **Cascade All** to **Cascade None**. This cleanup will not affect any user that was directly granted access to an entity, but will remove access from anyone who received access through inheritance only.
152
+
153
+
> [!NOTE]
154
+
> Currently, to run inherited access rights cleanup requires using the Web API. More information: [CreateAsyncJobToRevokeInheritedAccess Action](/dynamics365/customer-engagement/web-api/createasyncjobtorevokeinheritedaccess?view=dynamics-ce-odata-9)
155
+
156
+
<!-- Automatic triggering to come later-- remove above alert at that time. The cleanup is automatically triggered when you switch Reparent or Share cascading behaviors from All to None. No action is required. -->
157
+
158
+
This is how inherited access rights cleanup works:
159
+
160
+
1. Identifies and collects all the entities that were in a cascading relationship with the updated parent.
161
+
162
+
2. Identifies and collects the users that were granted access to the related entities through inherited access.
163
+
164
+
3. Checks for users who were given direct access to a related entity and removes them from the collection.
165
+
166
+
4. Removes inherited access for the collected users on the collected entities.
167
+
168
+
After the cleanup runs, users who were able to access related entities only because of the cascading feature can no longer access the records, ensuring greater security.
169
+
170
+
145
171
### See also
146
-
[Entities and metadata overview](create-edit-metadata.md)<br />
172
+
[Monitor and manage system jobs](/power-platform/admin/monitor-manage-system-jobs)<br />
147
173
[Create and edit 1:N (one-to-many) or N:1 (many-to-one) relationships](create-edit-1n-relationships.md)<br />
0 commit comments