web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Security structure to ...
Microsoft Dynamics 365 | Integration, Dataverse...
Suggested Answer

Security structure to restrict user access to specific accounts and all associated records

(2) ShareShare
ReportReport
Posted on by CU20110917-0 6
We have a set of customers whose records (anything linked to the account) should only be accessible by users who are security cleared. We plan to implement Business units to separate the users but users who are security cleared can also be the owners of records for customers who don't need security clearance. This means we can't solely use record ownership to control access so looking into assigning records to Business units.
How does assigning records to business units work? If you assign an account to a BU can all linked records e.g. cases automatically move to that BU or does it need to be done on a per table level? 
 
 
Categories:
Dynamics 365 general
I have the same question (0)
  • Suggested answer
    prlopes90 Profile Picture
    prlopes90 48 on at
    Hi,
     
    You can use the modernized business units. If I understood correctly your requirement, it would look like:
     
    User 1 (security cleared) - BU 1 security cleared
    User 2 (not security cleared) - BU 1
     
    Any time an account is created, and it doesn't belong to a security customer, no matter if is user 1 or 2 creating it, you will created a plugin to set its owning business unit as BU 1. Then, you can also add some logic on the child records (like cases) that any time they are created, they will inherit the owning business unit from the related account.
     
    If the account is a security customer, then only users from BU 1 security cleared are allowed to created then. OOB, the system will set their owning BU as BU 1 security cleared só the others won't ser them.
     
    To ensure the guys in the BU 1 security cleared also nave the role belonging to BU 1.
     
    Consider the following links for more details:
     
    Hope I was clear and this helps you.
     
    BR

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the March Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
11manish Profile Picture

11manish 152

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 73 Super User 2026 Season 1

#3
ManoVerse Profile Picture

ManoVerse 55 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Welcome to the Microsoft Dynamics 365 forum!
Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans