Skip to main content

Notifications

Announcements

Announcing Our 2025 Season 1 Super Users!
Announcing Forum Attachment Improvements!
News and Announcements icon
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Dataverse security - B...
Customer experience | Sales, Customer Insights,...
Suggested answer

Dataverse security - Business Units/Teams

(1) ShareShare
ReportReport
Posted on by Jurbe3147 21
Dear,
 
I have following business case. We have one custom table which is called 'Partners'. This table holds contact information of the different partners of our company. We have 5 'profiles' of people who should be able to access this table:
  • Admins
  • Corporate
  • Directors
  • Managers
  • Everyone else
What is important is that there is a hierarchy existing. Admins can see every partner record, Corporate can see all partner records except the ones from the admins etc... It looks like this:
  • Admins
    • Corporate
      • Directors
        • Managers
          • Everyone else
 
So I created Business Units according to the above and this seems to work fine. What I would like to achieve now is the following:
 
  • Every record created in the partner table should be visible to everyone, unless it is specifically indicated that it should not be. So if an admin user adds a new record, it should by default be visible to the 'Everyone' business unit and all the ones above. How do I achieve this?
  • Another request I received is to be able to add labels to partner records. The labels should possibly be related to the ownership of the record. For example, if a record is labeled 'C-Level' it should only be visible to the Directors, Corporate and Admins. What would be the best way to achieve this?
I hope my case is somewhat clear. It is important to remark that our users don't want to switch around with the ownership of the record as for a lot of them the impact of it is unclear. So we should be able to automate setting right permissions as much as possible.
Categories:
Microsoft Dynamics CRM
  • Suggested answer
    Ali Hamza Profile Picture
    Ali Hamza 66 on at
    Dataverse security - Business Units/Teams

    Hi,

    Based on your requirements and my analysis, the most suitable solution under the given circumstances—especially since you need dynamic read access (by default visible to all, but restrict in certain scenario)—would be to use the Teams functionality in D365 CE/CRM.



    1. When creating a Partner record, assign ownership to a root team or a specific team (e.g., the Global Team) where all users are included. Depending on security needs, such as whether the record should be visible to specific business units (BUs) or users, the record can then be assigned to the appropriate team.


    2. You can create additional teams to meet your requirements. Since you mentioned using the owner field for tagging, this approach will also serve as a way to manage security access.


    The Global Team will have organization-wide read access to the partner records, while other teams will have access as per their requirements. The key aspect here is that ownership of the record by the appropriate team will determine which users can access the partner record.

    This solution seems viable, as Dynamics does not provide dynamic switching of security role access levels based on conditions. However, if other experts in the Microsoft community suggest a better approach, I would be eager to learn about it as well.


    Regards,

    Ali

  • Suggested answer
    Jugurta Profile Picture
    Jugurta 20 on at
    Dataverse security - Business Units/Teams
    Bonjour,
    en gérant vos droits dans les rôles de sécurité, vous pouvez augmenter le privilège de création à l'organisation. Cela signifie que tous les enregistrements créés seront au niveau de l'organisation. Ensuite, vous devez mettre le droit de lecture sur l'organisation également pour les rôles de sécurité d'entreprise et tous les autres. Ainsi, ils peuvent voir tous les administrateurs créés.
     
    ce lien peut vous aider si vous avez besoin de plus de détails :  https://learn.microsoft.com/en-us/power-platform/admin/security-roles-privileges
     
    Niveau d'accès global. Global . Les utilisateurs peuvent accéder à tous les enregistrements de l'organisation, quel que soit le niveau hiérarchique de l'unité commerciale auquel ils appartiennent ou l'environnement auquel ils appartiennent. Les utilisateurs qui ont un accès global ont automatiquement un accès approfondi, local et de base.
    Étant donné que ce niveau donne accès aux informations dans toute l'organisation, il doit être restreint pour correspondre au plan de sécurité des données de l'organisation. Ce niveau d'accès est généralement réservé aux responsables ayant autorité sur l'organisation.
    L'application fait référence à ce niveau d'accès sous le nom d'organisation . 
  • Jugurta Profile Picture
    Jugurta 20 on at
    Dataverse security - Business Units/Teams
    Hi,

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Announcing Our 2025 Season 1 Super Users!
Announcing Forum Attachment Improvements!

Quick Links

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Announcing Forum Attachment Improvements!

We're excited to announce that attachments for replies in forums and improved…

Vahid Ghafarpour – Community Spotlight

We are excited to recognize Vahid Ghafarpour as our February 2025 Community…

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,965 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 230,779 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans