Breaking news from around the world
Get the Bing + MSN extension
Now Available in Community - MBAS 2019 Presentation Videos
Catch the most popular sessions on demand and learn how Dynamics 365, Power BI, PowerApps, Microsoft Flow, and Excel are powering major transformations around the globe. | View Gallery
2019 release wave 2 Discover the latest updates to Dynamics 365Release overview guides and videos Release Plan | Early Access Availability
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Talent TechTalks | Upcoming TechTalks
Has anyone deployed a PSA security model that allows for the addition of a Team Member as a bookable resource = User, to receive read/write privileges on the Project and associated child records? Likewise, remove the access to the project if they are removed from the project?
We have a multi-level business unit structure, with the majority of projects and bookable resources at a child level. However, some projects are owned by/managed by users at the parent level and require team members added to the project at a child business unit level. When this occurs, we would like to see the user have read and edit permissions on that specific project and all associated child records.
My thought was to deploy a plug-in to GrantAccess and RevokeAccess on change of the Project Team record, basically dynamically sharing the project to the appropriate Team Members as they are added/removed from the project's team.
We are trying to avoid users having the ability to create teams and adding users to them, and then assigning the project to that specific team.
Thank you for any assistance you can provide!
Your design is the current best practice. Either sharing project records with users or adding users to teams.
Here is my opinion:
I believe that Microsoft Product Team should look at it and design it anew. Security in CE is based on ownership of records, security roles and where users sit in terms of BUs and PSA must follow the same pattern. High level design: by default access to projects within BU and then OTB records get shared when we create a project team member from a a different BU. Obviously lot of redesign would be needed.
Business Applications communities