Dataverse security - Business Units/Teams

Dear,
 
I have the following business case. We have one custom table which is called 'Partners'. This table holds contact information of the different partners of our company. We have 5 'profiles' of people who should be able to access this table:
  • Admins
  • Corporate
  • Directors
  • Managers
  • Everyone else
What is important is that a hierarchy exists. Admins can see every partner record, Corporate can see all partner records except the ones from the admins, etc. It looks like this:
  • Admins
    • Corporate
      • Directors
        • Managers
          • Everyone else
 
So I created Business Units according to the above and this seems to work fine. What I would like to achieve now is the following:
 
  • Every record created in the partner table should be visible to everyone, unless it is specifically indicated that it should not be. So if an admin user adds a new record, it should by default be visible to the 'Everyone' business unit and all the ones above. How do I achieve this?
  • Another request I received is to be able to add labels to partner records. The labels should possibly be related to the ownership of the record. For example, if a record is labeled 'C-Level' it should only be visible to the Directors, Corporate and Admins. What would be the best way to achieve this?
I hope my case is somewhat clear. It is important to remark that our users don't want to switch around with the ownership of the record, as for a lot of them the impact of it is unclear. So we should be able to automate setting the right permissions as much as possible.
  • Jugurta
    Hi,

  • Suggested answer
    Jugurta
    Hello,
    By managing your rights in the security roles, you can raise the create privilege to the organization level. This means that all records created will be at the organization level. Next, you must also set the read right to organization for the Corporate security roles and all the others. That way, they can see all that the admins created.

    This link may help if you need more details: https://learn.microsoft.com/en-us/power-platform/admin/security-roles-privileges

    Global access level. Global. Users can access all records in the organization, regardless of the business unit hierarchical level to which they belong or the environment to which they belong. Users who have Global access automatically have Deep, Local, and Basic access.
    Because this level gives access to information throughout the organization, it should be restricted to match the organization's data security plan. This access level is usually reserved for managers with authority over the organization.
    The application refers to this access level as Organization.
  • Suggested answer
    Ali Hamza

    Hi,

    Based on your requirements and my analysis, the most suitable solution under the given circumstances—especially since you need dynamic read access (by default visible to all, but restricted in certain scenarios)—would be to use the Teams functionality in D365 CE/CRM.



    1. When creating a Partner record, assign ownership to a root team or a specific team (e.g., the Global Team) where all users are included. Depending on security needs, such as whether the record should be visible to specific business units (BUs) or users, the record can then be assigned to the appropriate team.


    2. You can create additional teams to meet your requirements. Since you mentioned using the owner field for tagging, this approach will also serve as a way to manage security access.


    The Global Team will have organization-wide read access to the partner records, while other teams will have access as per their requirements. The key aspect here is that ownership of the record by the appropriate team will determine which users can access the partner record.

    This solution seems viable, as Dynamics does not provide dynamic switching of security role access levels based on conditions. However, if other experts in the Microsoft community suggest a better approach, I would be eager to learn about it as well.


    Regards,

    Ali
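To compare what the two answers imply for the Partners table, here is a simplified model of how a read access level combines with a record's owning business unit. It is an added example, not code from the thread or from Microsoft. The business unit names come from the question; the label-to-owning-BU mapping is a hypothetical assumption, and record sharing and team-assigned roles are left out.

```python
# Simplified model of Dataverse read checks by access level (added example).
from enum import IntEnum


class Depth(IntEnum):
    NONE = 0
    USER = 1    # Basic: only records the user owns
    LOCAL = 2   # Business Unit
    DEEP = 3    # Parent: Child Business Units
    GLOBAL = 4  # Organization


# child -> parent, exactly as laid out in the question
PARENT = {
    "Admins": None,
    "Corporate": "Admins",
    "Directors": "Corporate",
    "Managers": "Directors",
    "Everyone else": "Managers",
}

# Hypothetical mapping: the label decides which BU's team owns the record.
LABEL_OWNER_BU = {None: "Everyone else", "C-Level": "Directors"}


def is_same_or_descendant(bu, ancestor):
    """True if `bu` is `ancestor` or sits below it in the BU tree."""
    while bu is not None:
        if bu == ancestor:
            return True
        bu = PARENT[bu]
    return False


def can_read(user_bu, depth, record_bu, user_owns=False):
    """Evaluate one user's read privilege depth against one record."""
    if depth >= Depth.USER and user_owns:
        return True
    if depth == Depth.GLOBAL:
        return True
    if depth == Depth.DEEP:
        return is_same_or_descendant(record_bu, user_bu)
    if depth == Depth.LOCAL:
        return record_bu == user_bu
    return False


def readers(label, depth):
    """BUs whose users can read a record carrying `label` at this depth."""
    record_bu = LABEL_OWNER_BU[label]
    return [bu for bu in PARENT if can_read(bu, depth, record_bu)]


if __name__ == "__main__":
    for label in (None, "C-Level"):
        for depth in (Depth.DEEP, Depth.GLOBAL):
            print(repr(label), depth.name, readers(label, depth))
```

In this model, a record owned in the lowest business unit is readable by every level at Parent: Child Business Units depth, a 'C-Level' record owned in Directors is readable only by Directors, Corporate and Admins, and Organization-level read removes that distinction.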
