web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Customer Insights – Jo...
Customer experience | Sales, Customer Insights,...
Unanswered

Customer Insights – Journeys: Access Teams vs Business Units for selective data isolation

(0) ShareShare
ReportReport
Posted on by SH-06100756-0 10

Hello,

We have a Customer Insights implementation with 6 Business Units and are using Access Teams for access control in Dataverse today.

Current Dataverse access model (works as intended)


  • Users can be members of multiple Access Teams.
  • Access Teams are aligned to what we conceptually treat as sub‑BUs (for example C, D, E).
  • Access is group‑managed via Azure AD.
  • Resulting behavior:

    • If a user is a member of Access Teams for C, D, and E, they can see all data belonging to C, D, and E.
    • They cannot see data belonging to A or B.
    • If a user is only a member of A, they can only see A 

  • This works well across Dataverse entities using standard security + Access Teams.

    •  

The challenge in Customer Insights – Journeys

The issue appears specifically in Customer Insights – Journeys, especially for:


  • journeys
  • emails
  • marketing interactions
  • real‑time marketing assets

    •  

In CIJ, data access seems to be evaluated based on the user’s primary Business Unit rather than:


  • Access Teams
  • team membership
  • cross‑BU collaboration patterns

    •  

This creates a problem for our hybrid access model:


  • We need Business Unit A to be fully isolated
  • Other units (C, D, E, etc.) must collaborate and share CIJ assets and data
  • Users already have the correct access via Access Teams, but CIJ does not appear to respect this model

    •  

Questions


  1. Is this behavior expected in Customer Insights – Journeys (BU‑based access only)?
  2. Does CIJ currently ignore Access Team membership when determining visibility of journeys, emails, and interactions?
  3. Is there a supported way to implement a hybrid model where:

    • One BU is isolated
    • Other BUs collaborate
    • Access Teams (rather than primary BU) drive visibility
       
  4. If not supported, what is the recommended Microsoft architecture for this scenario?

    • Separate environments?
    • Separate CIJ instances?
    • Different BU structure?
    • Other patterns?

We want to avoid duplicating environments if possible, as Dataverse access control already works correctly using Access Teams.
Any clarification on supported patterns, limitations, or roadmap considerations would be greatly appreciated.
Thanks in advance!

Categories:
Dynamics 365 Customer Insights - Journeys
I have the same question (0)

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Congratulations to our 2025 Community Spotlights

Thanks to all of our 2025 Community Spotlight stars!

Congratulations to the January Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
ManoVerse Profile Picture

ManoVerse 120 Super User 2026 Season 1

#2
Jimmy Passeti Profile Picture

Jimmy Passeti 46 Most Valuable Professional

#3
NeerajPawar Profile Picture

NeerajPawar 41

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans