Box 1: Common Data Service User
UserA must be able to create and publish PowerApps apps.
Common Data Service directly against your core business data already used within Dynamics 365 without the need for integration.
Build Apps against your Dynamics 365 Data
Manage reusable Business logic and rules
Reusable skills across Dynamics 365 and Power Apps
Box 2: Environment Maker
UserB must be the owner of all the systems and be able to provide permissions and create all new environments.
The Environment Maker role can create resources within an environment including apps, connections, custom connectors, gateways, and flows using Power Automate.
Box 3: System Administrator
UserC must be able to create apps connected to the systems and update the security roles and entities.
System Administrator is the highest level role which encompasses all the privileges and has over-riding rights. The System Administrator has the authority to allow and remove access of other users and define the extent of their rights. For example, the System Administrator and the System Customizer are given access to custom entities by default while all other users need to be given access. This is the only role that cannot be edited.
Box 4: System Customizer
End users must have minimum access to the required systems.
Sales users must only have access to their own records.
The System Customizer role is similar to the System Administrator role which enables non-system administrators to customize Dynamics 365. A Customizer is a user who customizes entities, attributes and relationships.
[Reference:, https://docs.microsoft.com/en-us/power-platform/admin/environments-overview, , https://crmbook.powerobjects.com/system-administration/business-administration/security-roles/, ]
