Skip to main content

Notifications

Microsoft Dynamics CRM (Archived)

Restrict access (including View access) to a specific record

Posted on by Microsoft Employee

Hello,

I have a custom entity, one of its records is of a sensitive nature. How can I restricts others from accessing or even viewing this record. Though based on Security Roles, all users are allowed to read and write these this entity.

Your assistance is so much appreciated.

Regards, Simon

*This post is locked for comments

  • Venkatesh T J Profile Picture
    Venkatesh T J 10 on at
    RE: Restrict access (including View access) to a specific record

    Hi Aric Levin,

    We tried what you suggested above, still the other user is able to see the record.

    1. We created the separate business unit(XYZ) and assigned different parent BU (ABC)

    2.created a new team(A) in newly created business unit (XYZ).

    3.Created new security role with access to custom entity to level of business unit alone.

    3.Assigned security role to team (A).

    4. Created a record on custom entity and assigned it to the newly created team

    5. We tried to login with differnt user who is not part of business unit(XYZ) and tried to read record , still he is able to do it.

    Would you please advise here, It would be very grateful if we find some solution.

  • ashlega Profile Picture
    ashlega 34,475 on at
    RE: Restrict access (including View access) to a specific record

    Hi Simon,

     you either have to do it through the security roles/business units as Aric suggested or, your other option (though, quite frankly, I would rather go the "security roles" route) might be to create a plugin (retrieve and retrieve multiple ) to exclude those sensitive records from the results and to display error message when somebody tries opening such records (based on the user id/role/etc). There will be backdoors, though.. For example, SSRS reports(including those created with the report wizard) will bypass retrievemultiple plugins

  • Verified answer
    Aric Levin Profile Picture
    Aric Levin 30,188 on at
    RE: Restrict access (including View access) to a specific record

    Hi, that is a good enough situation to do this.

    PARENT BU - CONTAINS ALL USERS

    CHILD BU - NO USERS, CONTAINS 1 TEAM (NO USERS)

    ALL USERS - CHANGE ORGANIZATION READ ACCESS TO BUSINESS UNIT READ ACCESS

    RESTRICTED RECORDS - SET OWNERSHIP TO CHILD BU TEAM

    USERS THAT NEED ACCESS TO RESTRICTED RECORDS - EITHER CREATED ANOTHER SECURITY ROLE FOR THEM (WITH ORGANIZATION READ ACCESS) OR MAKE THEM MEMBERS OF THE CHILD BU TEAM OR SHARE THE RECORDS WITH THEM.

    I think the keeping your ORGANIZATIONAL STRUCTURE AS IT IS WILL NOT ALLOW YOU TO IMPLEMENT THIS,

    The other route is using Plugins on the Retrieve and RetrieveMultiple messages or possibly using Access Teams, but that would complicate things as well.

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Restrict access (including View access) to a specific record

    Thank you Aric for the quick response.

    Unfortunately, that won't help, as I have a single BU (default), and all users belong to this BU, and all users have a security role that has Read/Write on Organizational level

  • Suggested answer
    Aric Levin Profile Picture
    Aric Levin 30,188 on at
    RE: Restrict access (including View access) to a specific record

    The easiest way would be using Business Units and Security Roles.

    Not sure how many business units you already have, but set the ownership of the sensitive records to a user or team in a different business units. Make sure that all users that are not supposed to be able to read those records do not have READ permissions to that business unit. This means that their read permissions would be a different business units only (or parent-child). The users that should be able to see the data of that business unit, should have organization read access, or have the records shared with them or a team they belong to.

    Hope this helps.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Community AMA December 12th

Join us as we continue to demystify the Dynamics 365 Contact Center

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,240 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,104 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans