web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Restrict access (inclu...
Microsoft Dynamics CRM (Archived)

Restrict access (including View access) to a specific record

(0) ShareShare
ReportReport
Posted on by Community Member

Hello,

I have a custom entity, one of its records is of a sensitive nature. How can I restricts others from accessing or even viewing this record. Though based on Security Roles, all users are allowed to read and write these this entity.

Your assistance is so much appreciated.

Regards, Simon

*This post is locked for comments

I have the same question (0)
  • Venkatesh T J Profile Picture
    Venkatesh T J 10 on at
    RE: Restrict access (including View access) to a specific record

    Hi Aric Levin,

    We tried what you suggested above, still the other user is able to see the record.

    1. We created the separate business unit(XYZ) and assigned different parent BU (ABC)

    2.created a new team(A) in newly created business unit (XYZ).

    3.Created new security role with access to custom entity to level of business unit alone.

    3.Assigned security role to team (A).

    4. Created a record on custom entity and assigned it to the newly created team

    5. We tried to login with differnt user who is not part of business unit(XYZ) and tried to read record , still he is able to do it.

    Would you please advise here, It would be very grateful if we find some solution.

  • ashlega Profile Picture
    ashlega 34,477 on at
    RE: Restrict access (including View access) to a specific record

    Hi Simon,

     you either have to do it through the security roles/business units as Aric suggested or, your other option (though, quite frankly, I would rather go the "security roles" route) might be to create a plugin (retrieve and retrieve multiple ) to exclude those sensitive records from the results and to display error message when somebody tries opening such records (based on the user id/role/etc). There will be backdoors, though.. For example, SSRS reports(including those created with the report wizard) will bypass retrievemultiple plugins

  • Verified answer
    Aric Levin - MVP Profile Picture
    Aric Levin - MVP 30,190 Moderator on at
    RE: Restrict access (including View access) to a specific record

    Hi, that is a good enough situation to do this.

    PARENT BU - CONTAINS ALL USERS

    CHILD BU - NO USERS, CONTAINS 1 TEAM (NO USERS)

    ALL USERS - CHANGE ORGANIZATION READ ACCESS TO BUSINESS UNIT READ ACCESS

    RESTRICTED RECORDS - SET OWNERSHIP TO CHILD BU TEAM

    USERS THAT NEED ACCESS TO RESTRICTED RECORDS - EITHER CREATED ANOTHER SECURITY ROLE FOR THEM (WITH ORGANIZATION READ ACCESS) OR MAKE THEM MEMBERS OF THE CHILD BU TEAM OR SHARE THE RECORDS WITH THEM.

    I think the keeping your ORGANIZATIONAL STRUCTURE AS IT IS WILL NOT ALLOW YOU TO IMPLEMENT THIS,

    The other route is using Plugins on the Retrieve and RetrieveMultiple messages or possibly using Access Teams, but that would complicate things as well.

  • Community Member Profile Picture
    Community Member on at
    RE: Restrict access (including View access) to a specific record

    Thank you Aric for the quick response.

    Unfortunately, that won't help, as I have a single BU (default), and all users belong to this BU, and all users have a security role that has Read/Write on Organizational level

  • Suggested answer
    Aric Levin - MVP Profile Picture
    Aric Levin - MVP 30,190 Moderator on at
    RE: Restrict access (including View access) to a specific record

    The easiest way would be using Business Units and Security Roles.

    Not sure how many business units you already have, but set the ownership of the sensitive records to a user or team in a different business units. Make sure that all users that are not supposed to be able to read those records do not have READ permissions to that business unit. This means that their read permissions would be a different business units only (or parent-child). The users that should be able to see the data of that business unit, should have organization read access, or have the records shared with them or a team they belong to.

    Hope this helps.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Abhilash Warrier – Community Spotlight

We are honored to recognize Abhilash Warrier as our Community Spotlight honoree for…

Congratulations to the September Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
HR-09070029-0 Profile Picture

HR-09070029-0 2

#2
ED-30091530-0 Profile Picture

ED-30091530-0 1

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans