Skip to main content

Notifications

Announcements

Check out the New Agent Creator Community
News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Security structure to ...
Microsoft Dynamics 365 | Integration, Dataverse...
Suggested answer

Security structure to restrict user access to specific accounts and all associated records

(2) ShareShare
ReportReport
Posted on by CU20110917-0 6
We have a set of customers whose records (anything linked to the account) should only be accessible by users who are security cleared. We plan to implement Business units to separate the users but users who are security cleared can also be the owners of records for customers who don't need security clearance. This means we can't solely use record ownership to control access so looking into assigning records to Business units.
How does assigning records to business units work? If you assign an account to a BU can all linked records e.g. cases automatically move to that BU or does it need to be done on a per table level? 
 
 
Categories:
Dynamics 365 general
  • Suggested answer
    prlopes90 Profile Picture
    prlopes90 48 on at
    Security structure to restrict user access to specific accounts and all associated records
    Hi,
     
    You can use the modernized business units. If I understood correctly your requirement, it would look like:
     
    User 1 (security cleared) - BU 1 security cleared
    User 2 (not security cleared) - BU 1
     
    Any time an account is created, and it doesn't belong to a security customer, no matter if is user 1 or 2 creating it, you will created a plugin to set its owning business unit as BU 1. Then, you can also add some logic on the child records (like cases) that any time they are created, they will inherit the owning business unit from the related account.
     
    If the account is a security customer, then only users from BU 1 security cleared are allowed to created then. OOB, the system will set their owning BU as BU 1 security cleared só the others won't ser them.
     
    To ensure the guys in the BU 1 security cleared also nave the role belonging to BU 1.
     
    Consider the following links for more details:
     
    Hope I was clear and this helps you.
     
    BR

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Check out the New Agent Creator Community

Quick Links

Ramesh Kumar – Community Spotlight

We are honored to recognize Ramesh Kumar as our July 2025 Community…

Congratulations to the June Top 10 Community Leaders!

These are the community rock stars!

Announcing the Engage with the Community forum!

This forum is your space to connect, share, and grow!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
Adis Profile Picture

Adis 136 Super User 2025 Season 1

#2
Sohail Ahmed Profile Picture

Sohail Ahmed 81

#3
Jonas "Jones" Melgaard Profile Picture

Jonas "Jones" Melgaard 77 Super User 2025 Season 1

Last month Overall leaderboard

Featured topics

Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans