web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / In Dynamics CRM Sales:...
Customer experience | Sales, Customer Insights,...
Answered

In Dynamics CRM Sales: show/hide records of Users in different Business units?

(3) ShareShare
ReportReport
Posted on by B. K. 56
As stated in the title, it's about Dynamics 365 CRM Sales. The question probably reaches into different areas as well... i've got a simple problem:
In my test tenant, I want to create a custom entity, and create records there - it works.
I want to log on into this tentant with multiple users in different business units, that can create records on this custom entity - this works too.
I now want to create records on this custom entity as a user and make them visible for EVERY user in this environment.
I also want to create records on this custom entity as THE SAME user, that only are visible on the business unit the user is in - and this doesn't work!
Note that sharing the records is not an option as it consumes too many ressources.
I've already created a team, where all the users from different business users are in, and which I can assign a security role to show the records. I've also created two security roles that either show the records environment-wide OR business unit wide-
How can I get to the point to create records, that EVERY user can see, even in different business units, and other records with the same user in the same custom entity, that can only be seen from other users in the same business unit?
I hope my question is clear enough!
If not, feel free to ask for more details.
 
Thank you for your answers :)
 
 
Categories:
Dynamics 365 Sales
I have the same question (0)
  • Suggested answer
    Jimmy Passeti Profile Picture
    Jimmy Passeti 669 Most Valuable Professional on at
    Hello,
     
    To do this, you will need to set up Security roles for the users.
    If the user has the read permission for the table and the access level equal Business Unit, then the user is able to see all the records that his business unit own.
     
    Check this documentation:
     
    Regards,
    Jimmy Passeti | Microsoft MVP
    ✅ Please mark as Verified if this answered your question!
     
  • Verified answer
    Daivat Vartak (v-9davar) Profile Picture
    Daivat Vartak (v-9d... 7,835 Super User 2025 Season 2 on at
    Hello CU21021007-0,
     

    You've outlined a common and important requirement in Dynamics 365 Sales: controlling record visibility based on both user and business unit. Let's break down how to achieve your desired outcome.

    Understanding the Problem:

    • Business Unit Security: By default, Dynamics 365 uses business units to isolate data. Users within a business unit typically only see records they own or records shared with their business unit.
    • Record Ownership: When a user creates a record, they become the owner. Ownership plays a crucial role in security and sharing.
    • Security Roles: Security roles define what actions users can perform (create, read, update, delete) and the scope of those actions (user, business unit, parent: child business units, organization).
    • Sharing: Records can be manually shared with specific users or teams.
    • Teams: Teams can own records and be used to grant access to records across business units.

      •  

    Solution:

    To achieve the desired record visibility, you'll need to combine security roles, teams, and potentially record sharing. Here's a step-by-step approach:

    1. Security Roles:

      • Organization-Wide Role:

        • Create a security role that grants "Organization" level read access to your custom entity.
        • Assign this role to the team that includes all users who need to see the "environment-wide" records. 

      • Business-Unit Role:

        • Create a separate security role that grants "Business Unit" level read access to your custom entity.
        • Assign this role to the users who should only see business-unit-specific records.

          •  

    2. Teams:

       

      • Organization-Wide Team:

        • You've already created this team (containing all users). This is correct.
        • Assign the "Organization-Wide Role" to this team. 

      • Business-Unit Teams (Optional but Recommended):

        • Create a team for each business unit.
        • Assign the "Business-Unit Role" to these teams.
        • This makes it easier to manage the users, that should see the business unit records. 

          •  

    3. Record Ownership and Sharing:

       

      • Environment-Wide Records:

        • When a user creates a record that should be visible to everyone, they should either:

          • Assign ownership of the record to the "Organization-Wide Team."
          • Manually share the record with the "Organization-Wide Team."

            •  
           

      • Business-Unit Records:

        • When a user creates a record that should only be visible within their business unit, they should:

          • Keep the record ownership as their user.
          • Do not share the record with the organization wide team. If you have created the business unit teams, you can share the record with the business unit team.

            •  
            

    4. Workflow/Plugin Automation (Optional):

      • To automate the process of assigning ownership or sharing records, you can use Power Automate workflows or custom plugins.

      • For example, you could create a workflow that:

        • Triggers when a record is created.
        • Checks a specific field (e.g., a "Visibility" choice field).
        • If the field indicates "Organization-Wide," it assigns ownership to the "Organization-Wide Team."

          •  
          

      5.  

    Example Scenario:

    • User A (Business Unit 1): Creates a record.

      • To make it visible to everyone, User A assigns ownership to the "Organization-Wide Team."
      • To make it visible only within Business Unit 1, User A keeps ownership as themselves. 

    • User B (Business Unit 2):

      • User B will see the record owned by the "Organization wide team."
      • User B will not see the record owned by User A, if that record was not shared with the organization wide team. 

        •  

      •  

    Key Considerations:

    • Record Ownership: Record ownership is the primary factor determining visibility.
    • Team Ownership vs. Sharing: Team ownership grants broader access than individual sharing.
    • Security Role Scope: Carefully define the scope of your security roles.
    • Automation: Automate record sharing or ownership assignment to reduce manual effort.
    • Testing: Thoroughly test your security configurations to ensure they meet your requirements.

      •  

    By implementing these steps, you can effectively control the visibility of your custom entity records based on both user and business unit.

     
    If my answer was helpful, please click Like, and if it solved your problem, please mark it as verified to help other community members find more. If you have further questions, please feel free to contact me.
     
    My response was crafted with AI assistance and tailored to provide detailed and actionable guidance for your Microsoft Dynamics 365 query.
     
    Regards,
    Daivat Vartak
  • B. K. Profile Picture
    B. K. 56 on at
    Okay, requirements in short:
     
    One custom entity. In this entity: 
    - a user creates records, only visible to own business unit
    - the SAME user creates records, visible to all users in all business units
     
    NO sharing. (creates access-records)
    NO access teams. (also creates access-records)
     
    Maybe I haven't understood the linked page right, but I didn't find a solution to this problem in Jimmy Passetis answer.
    Maybe solution 4 with plugins from Daivat Vartak is my only alternative? Or is there a non coding way in admin.powerplatform or make.powerapps?
  • Verified answer
    B. K. Profile Picture
    B. K. 56 on at
    So, I've got a solution to this problem now. Daivat Vartak's answer partially contains it, BUT the following part 
     
    • Create a security role that grants "Organization" level read access to your custom entity
     
    was what failed me. I needed to only grant "User" level read (and write) access to the custom entity, and it worked as intended.
     
    Still, thank you for your help :)  

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Tom_Gioielli Profile Picture

Tom_Gioielli 70 Super User 2025 Season 2

#2
Gerardo Rentería García Profile Picture

Gerardo Rentería Ga... 33 Most Valuable Professional

#3
Daniyal Khaleel Profile Picture

Daniyal Khaleel 32 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans