Personalized Community is here!
Quickly customize your community to find the content you seek.
Have questions on moving to the cloud? Visit the Dynamics 365 Migration Community today! Microsoft’s extensive network of Dynamics AX and Dynamics CRM experts can help.
2022 Release Wave 2Check out the latest updates and new features of Dynamics 365 released from October 2022 through March 2023
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Community | FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
There are several Business Units.Each user works in his region.How to limit accounts for users? It is necessary for the user to see accounts in his region.Tried to limit with the help of roles, it did not turn out.Why, when sharing an account, the team can see the orders of this account.
Have you tried giving BU level access to Account Entity in security role?
No. This solution doesn't work. One Business Unit can have clients from different regions.
For example, there is Business Unit A and Business Unit B. There are 3 regions: Europe, Africa and Asia. One user from Business Unit A works in the Europe region. The second one operates from Business Unit B in the Africa and Asia regions. The third user from Business Unit B works in the Asia region.
The first user should see accounts from Europe, the second - from Africa and Asia, the third - only from Asia.
I have set the read privilege for the Account entity at the user level. Created 3 teams: Europe, Africa and Asia. Added users to them. Shared accounts for these teams. When I add a new user to Business Unit B and to the Asia team, he sees all orders.
New user able to see all orders or accounts ?
Yes, if the account is shared with that user.
If I give access to an account at the Business Unit level, then how can I restrict access to specific accounts?
You can restrict access to Account, Sales Order and other assets with team structure.
I can exemplify this as follows;
For example we have 3 users named A, B and C. Each of these users must have a separate business unit. Let's give authorization on a business unit basis so that user A can see Asia, user B can see Africa and user C can see Europe.
After these processes, we need to create 3 different teams and define an authorization for this teams. Teams should only be authorized to see the account or sales order at the business unit level.
If user A should see the records in both Asia and Europe; If you add this user to the Asian and European teams that you created, they will be able to see the records owned by both Asian and European teams. (Including records of users who are members of this team.)
Make sure the entities you delegate are of Team and User access type. It cannot be of the Organization type.
I hope this solution helps to you.
If I add User A and User B to the same team, then User A will have access to Accounts and Orders of User B. How then to restrict access to Orders?
User2 works in region A and B.If users are given access to Accounts at the Business Unit level, then User1 will have access to Customer6.
I gave access to Accounts at the user level, then I created a Team and add User1 and User2 to it. Then I shared Customer1, Customer2 and Customer3 to the Team. Now User1 has access to the Orders of Customer 3, Customer 4 and Customer 5. it's wrong.
If you want to share small number of accounts then you can just use Access Teams. Where CRM will provide Record level security permissions.
So if User 1 is from Region A and need some Account Access of Region B then you can provide Region B Account Access using Access Team to the User 1.
There are many accounts. This method also did not work, because both the account and all orders are shared.
Adding users to the same team doesn't mean you're merging roles. You need to create a new authorization and assign it to the team the users are in. You can only grant read or edit permission in the newly created authorization. So, users will only be authorized to see each other's records on entities that you allow.
Tell me, please, how to do it ? How to create a new authorization ?
I solved the problem by setting up relationships (1:N for Account entity).
Business Applications communities