Personalized Community is here!
Quickly customize your community to find the content you seek.
Have questions on moving to the cloud? Visit the Dynamics 365 Migration Community today! Microsoft’s extensive network of Dynamics AX and Dynamics CRM experts can help.
2023 Release Wave 1Check out the latest updates and new features of Dynamics 365 released from April 2023 through September 2023
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Community | FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | All TechTalks | Architecture Insights
For a little background. Our system is set up with securities based on users SalesCenter(Team). Teams own Accounts and users can be members of teams. So essentially when Users gain access to a Salescenter and they are added to that team all of the accounts and activities associated with the accounts are visible to the user.
This particular issue Account A that has previous activities was tied to Team A The owner of the activities for Account A is a member of both Team A and Team B for consistency we will call him user A. User A's Primary Team is Team A. At this point it becomes known that Account A will be transferring to Team B and will be looked after by User B. User B just like User A has access to both Team A and Team B, however User B's Primary Team is Team B. User A is able to see the Account and all of the Activities associated with it including ones owned by User A.
Account A then undergoes the transfer to Team B.
User B then loses access to all activities owned by User A and would like to get access for historical purposes.
How is it when both users have access to both teams that when the account's teams change that any visibility changes from their perspective?
More over, if it was a security issue based on team wouldn't the user lose the ability to see the Account as well?
Any help would be greatly appreciated.
This probably has to do with the way CRM handles lookups. When you do a reparent, CRM triggers the relationship cascading rules defined from parent to child and propagates through throughout the parental hierarchy (parent - child 1 - grandchild - ... grand grand child n)
What I suspect happened is that after you changed ownership, the CRM platform recalculated the permissions for the hierarchy and depending on how your relationships are set up, removed access for user B.
I would check in this case how the cascading is defined between Accounts and Activities and see if there is anything you could configure on that end - set for example by Reparenting to Cascade All instead of Cascade None.
If the relationship isn't the culprit here, i would check for any custom workflows, plugins that get triggered when you assign the account and see if they have to do anything with propagating permissions.
Hope this helps,
I have questions on this,
1. when the Account was owned by Team A, was User B able to access activities of User A?
2. who owns the Activities
The relationship between Team and Account is as below, you can notice that the behavior for Relationship is 'Cascade None' for Assign
However, when we check the read privilege depth for activities, the OOB role of Salesperson has access for org level data
In your case, if the security role has user level depth, the User B will not be able to see the activities
To resolve this, User A should share/assign the activities to User B
Hope that helps!
Questions are welcome.. :)
Yes, User B did have Access to the activities of User A. Does this change your analysis?
here is the relationship. All but Assign is set to cascade all. Additionally, this user seems to be the only one having this issue. Others can naturally see each others Call Reports as long as they have security access to its corresponding Sales center.
Thank you for the details. Yes, this very much changes the initial analysis.
If user B was able to see the activities before, him not being able to see them now is very weird.
What happens is User B tries to access the record directly from the link(url)?
Just check if you can get to know if there is a missing privilege.
Additionally, if this is only one affected user, you could try removing the user from team and adding again.
Business Applications communities