Microsoft Dynamics 365 | Integration, Dataverse...

Help with setting Security Model for users.

(0) Share

Report

Posted on by Ugna Undit

Hello Friends,

I request your help! I would like your suggestions with setting up the security model (Business Units, Teams, etc) for the below scenario.

Lets assume a Company XYZ has two Projects (ProjectA and ProjectB), which are sub-contracted to 3 partners (PARTNER1, ..2, ..3). The company builds a CRM App to allow the Partners
to submit Project Progress report.

A Custom Entity (PROGRESS) is planned with the following fields
PARTNER -- (defaults to the Partner submitting the report)
PROJECT -- (Option Set for Projects)
PROGRESS_DESCRIPTION -- (Free text)

=======================================================
PARTNER1
ProjectA-User1 -- must be able to Create/Read/Update,
Only Project A Report
Only for Partner1

ProjectB-User1 -- must be able to Create/Read/Update,
Only Project B Report
Only for Partner1

Partner1-Manager -- must be able to Create/Read/Update,
Both ProjectA and ProjectB Report
But Only for Partner1

=======================================================

PARTNER2
ProjectA-User2 -- must be able to Create/Read/Update,
Only Project A Report
Only for Partner2

ProjectB-User2 -- must be able to Create/Read/Update,
Only Project B Report
Only for Partner2

Partner2-Manager -- must be able to Create/Read/Update,
Both ProjectA and ProjectB Report
But Only for Partner2

=======================================================

CompanyXYZ
CompanyXYZUser -- must be able to Read/Update,
Both ProjectA and ProjectB Report
For All Partners

No Partner must ever be able to READ/UPDATE/CREATE the record of any other Partner

Your suggestions are greatly Appriciated.

Thanks

I have the same question (0)

All responses (4)

Answers (0)

Suggested answer

Community Member on at

Like (0)

Report

Maybe I am over simplifying this:

Assumption - there are more than 6 total users.

Company BU

Two 'child' business units - A and B

Assign the subcons to the child BUs, assign company users to company BU

The child (subcon) BUs get business unit level rights on a security role

The Company/Parent BU gets either org or parent/child rights on a security role.

Was this reply helpful? Yes No
Ugna Undit 35 on at

Like (0)

Report

Hello Mike.

Say If the subcon user (ProjectA-User1) is assigned "Child A" BU level security role, he would still be able to Create/Read records for Both Projects (from that child BU). I would like to restrict him to one Project only. Is there a way?

I appreciate you taking the time to help!

Thanks

Was this reply helpful? Yes No
Suggested answer

Community Member on at

Like (0)

Report

I see where I did not follow. Is there a Project A for each subcon? or is it the same Project A? - I read it as one project a for both subcons, but subcons can only read their records, not the other subcons project A records.

I have never used this, but maybe Hierarchy security is an option for you: docs.microsoft.com/.../hierarchy-security

If you would rather stick to the BU, teams, etc.

- Same Parent/Child BU structure I said before, but (Assuming there is more than 1 member of each 'project team' you could do team ownership, so team A and B for the projects - teams have a user level access right (instead of BU, parent/child, global). The BU manager gets BU level security role - which means they probably wont need to be on a team.

Was this reply helpful? Yes No
Ugna Undit 35 on at

Like (0)

Report

Hi,

I think this solution will work (the one with creating Teams within each child BU for the respective Projects).

Thank You!

Was this reply helpful? Yes No