Problem with permissions for new owner after assigning a record

Problem with permissions for new owner after assigning a record

This question is not answered

We have CRM 2011 on premise and have a recurring permissions problem where someone at a high level Business unit creates a record such as an Opportunity, then later in the process reassigns the record to an Account Manager role who is at a lower Business Unit hiearchy.  The security role for the Account Manager only allows User level edit permissions for the Opportunity so that Account Managers don't see each others info.  The person who created the Opportunity in this case is a few Business Unit levels higher, basically Admin.  

Because of the level of the creator the new owner cannot make certain changes such as updates to Est Close Date or other fields in the Opportunity.  But since this user has been assigned the record and is now the owner, why wouldn't they be able to make any modifications they want?  Is there a way to remove whatever restrictions are associated with the level of the person who created the record?  

All Replies
  • Hello Jim,

    What happens when the new owner of the opportunity record tries to update the record, does he gets an error? What if a person at a lower business unit level creates a record and assigns it to a person at a higher BU level, does the new owner of the record then experience the same issue?

    Do you use custom security roles? Can you test the issue with an Out of the box security role?

    Best Regards,

    Shahid S

    Microsoft Dynamics CRM Support Engineer

  • Hi Shahid - Sorry for the delay I didn't realize you'd responded, thanks. The user gets an error Access Denied with not enough permissions. I'm pretty sure I've seen other examples where someone else who's at a relatively high level creates a record such as Oppty, Quote, Order and assigns it to someone at a lower business unit and that person can make edits.  So I'm wondering if it is the fact that I'm a Sys Admin has something to do with it.

    We do use custom security roles and it won't be easy to try out an out of the box one. Tried the reverse scenario and I can edit one that someone at a lower BU created.   I found a workaround using our clone feature.  When the user cloned the Opportunity they could fully edit, the new one.