Microsoft Dynamics 365 | Integration, Dataverse...

More and more users are appearing on the Full Access User view costing our client money

(0) Share

Report

Posted on by Wardog51502

Powerobjects pricing model for an SMS module on the Dynamics instance is based on the Users that appear in the Full Access User view. That view simply looks at enabled users with Read/Write accessmode. My client recently received a bill that was 5 times higher than the previous month. Part of it was due to a 50 cent increase per user on their pricing model. The majority of it came from them billing for 5000 users instead of the normal 1500 that they have been getting billed for. I watched that view all day long and 12 more new users appeared on it during the day. They were all new employees simply assigned F3 licenses that allow them to use the basic microsoft tools. I see accessmode on systemuser had a Read only setting but you can't update that column anywhere even through powershell. Does anyone know what has changed that would cause this over the last few months?

The real kicker is we only have 140 active CRM users that would have had access to the SMS functionality which is all they should have been billed for over the last 5 years. This feels like a scam that turned into a financial nightmare for them.

I have the same question (0)

All responses (9)

Answers (0)

Guido Preite 54,086 Moderator on at

Like (0)

Report

did you contact PowerObjects/HCL?

Was this reply helpful? Yes No
Suggested answer

PerezAguiar Microsoft Employee on at

Like (0)

Report

Hi!

As a security measure, you can start by applying a security group to the environmen, with only the users you need to access on it. This way, those people that might have received another license, or if there's any "Pay as you go" license, or PerApp license would be disabled.

Regards

Was this reply helpful? Yes No
Wardog51502 5 on at

Like (0)

Report

I got low level support but they just regurgitated what I knew. When I started to talk about licensing they said open a case which I can't do as a contractor.

Was this reply helpful? Yes No
Wardog51502 5 on at

Like (0)

Report

I don't believe its about access. These users can't get into the CRM. I'm trying to get them off the Full Access User view but the criteria is so simple that everyone falls under it. It has something to do with us moving off Basic Authentication. When I followed those instructions everyone appeared on the list.

Was this reply helpful? Yes No
Guido Preite 54,086 Moderator on at

Like (0)

Report

this is not PowerObject/HCL support forum. if your customer has a problem with them you need to open a case, if you as contractor you can't do then inform your customer and ask them to open the case.

It's a paid product, they need to explain to you in which way they charge the amount of users and why your users without accessing Dynamics are charged too.

Was this reply helpful? Yes No
Suggested answer

PerezAguiar Microsoft Employee on at

Like (0)

Report

hi!

FullAccess users is populated usually by filling the following conditions:

- Is user enabled on AzureAD?
- Does user has a valid license?
- Is user part of security group?

If the tenant has some particular licenses (PowerApps per app, Project, or certain M365), users might be synchronizing into the environment and therefore, showing on "Full Access users". That's why, using a Security Group allows you to control not only access to the environment but also the user synchronization process.

You can also open a support request to dig furthermore, and check why the increase in the number of users.

Regards

Was this reply helpful? Yes No
RyeTeacher 163 on at

Like (0)

Report

I am having this same issue of users appearing on the full access users. It seems kind of random. What do you mean by using a security group, how would that stop users from appearing on that full access users list? I want the users to be able to use email, teams and one drive. But they don't need to have any access to Dynamics 365.

Was this reply helpful? Yes No
Suggested answer

PerezAguiar Microsoft Employee on at

Like (0)

Report

Hello Rachel!

on https://learn.microsoft.com/en-us/power-platform/admin/control-user-access#associate-a-security-group-with-an-environment you have the required steps. Basically: if you create a security group on Azure/M365 portal, you can restrict access to Dynanmics/powerPlatform only to the people added to that specific security group, without affecting the other apps they use (Sharepoint, OneDrive)

Regards,

Was this reply helpful? Yes No
RyeTeacher 163 on at

Like (0)

Report

Thank you, I followed the instructions and created a security group. I assigned six people to the group and I also added the security group to the environment, but I am still seeing people that are not in the group as part of the full access users. Am I doing something wrong?

Was this reply helpful? Yes No