MS Dynamics 365 v9 On prem.
We need to regulate permission to view opportunities within the account.
For example, User A should be able to see all the opportunities of the Account, and User B should be able to see only their own.
The permissions should work within the Account, not the Business unit or something like this, so security roles don't fit our needs (users have Read on organization level for the Accounts and User level for Opportunities).
Now we have an Access Team set up for the account - but in this case all the users added to the access team can see all the opportunities for the account, and there is no way to restrict them to only their own.
Got an idea of how to implement what is required.
1) My first access team for Account has Append/Append To/Share/Read/Write permission
2) Account-Opportunity relationship has custom cascading with Share/Unshare/Reparent set to Cascade All.
Need to create second Access team with Append/Append To/Write.
Assigned Owners who need full access should be Added to first team, with Share rights.
Those who need to have access to only their own opportunities should be added to the second team.
Thanks for the idea.
Maybe it would be better to create an access team template for the opportunity and grant access to the assigned user for opportunities instead of direct sharing? I think it should be better for POA growth reduction.
In that case, you may need to go for record sharing with users. You can register a plug-in which triggers when a user is assigned to or removed from an account record. This plug-in will share/unshare all related opportunities with the assigned/removed user. There should also be another plug-in which triggers on opportunity creation to share the newly created opportunity with all the users assigned to the related account record.
Opportunity records should not be shared with the users who are supposed to see only their own opportunities. Both the User A and User B groups of users should have only user level access to the opportunity entity.
Note: Upon every record share, system creates a record under POA table. Consider this point in the view of performance as this table grows.
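A sketch of the second plug-in described above (share a newly created opportunity with the users assigned to its account), added here as an example and not code from any poster in this thread. It assumes "assigned users" means the members of the account's access team created from one team template; the class name and the template GUID are placeholders.

```csharp
using System;
using Microsoft.Crm.Sdk.Messages;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;

// Register on: Create of opportunity, post-operation stage.
public class ShareNewOpportunityWithAccountUsers : IPlugin
{
    // Placeholder: template id of the account access team whose members
    // should see every opportunity of the account (hypothetical value).
    private static readonly Guid FullAccessTemplateId =
        new Guid("00000000-0000-0000-0000-000000000000");

    public void Execute(IServiceProvider serviceProvider)
    {
        var context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
        var factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
        // null = run as SYSTEM, so sharing does not depend on the creator's Share privilege.
        var service = factory.CreateOrganizationService(null);

        var opportunity = context.InputParameters.Contains("Target")
            ? context.InputParameters["Target"] as Entity : null;
        if (opportunity == null || opportunity.LogicalName != "opportunity") return;

        var account = opportunity.GetAttributeValue<EntityReference>("parentaccountid");
        if (account == null) return; // no parent account: nothing to share

        // Members of the access team that the platform created for this account record.
        var query = new QueryExpression("teammembership") { ColumnSet = new ColumnSet("systemuserid") };
        var team = query.AddLink("team", "teamid", "teamid");
        team.LinkCriteria.AddCondition("teamtype", ConditionOperator.Equal, 1); // 1 = Access team
        team.LinkCriteria.AddCondition("regardingobjectid", ConditionOperator.Equal, account.Id);
        team.LinkCriteria.AddCondition("teamtemplateid", ConditionOperator.Equal, FullAccessTemplateId);

        var owner = opportunity.GetAttributeValue<EntityReference>("ownerid");
        var target = new EntityReference("opportunity", context.PrimaryEntityId);
        foreach (var member in service.RetrieveMultiple(query).Entities)
        {
            var userId = member.GetAttributeValue<Guid>("systemuserid");
            if (owner != null && owner.Id == userId) continue; // owner already has access
            service.Execute(new GrantAccessRequest
            {
                Target = target,
                PrincipalAccess = new PrincipalAccess
                {
                    Principal = new EntityReference("systemuser", userId),
                    AccessMask = AccessRights.ReadAccess // read only: least privilege for visibility
                }
            });
        }
    }
}
```

Each `GrantAccessRequest` adds a row to the POA table, so the growth concern raised in this thread applies to this approach as well.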
Hi,
In this approach User A with org level read permission on Opportunity will be able to see all the opportunities in the org, but our requirement is a bit different.
The user should be able to see only opportunities of the account which he is assigned to (not the owner - there can be many assigned users for an Account). In addition to this, we need to regulate:
1) If user can see only own opportunities
2) If user can see all the opportunities of the Account which he is assigned to.
Hi scr1pt,
What would be the issue if you follow the below setup? Need to understand more on your requirement.
Create a security role which has user level read permission on Opportunity and assign to User B.
Create another security role which has org level read permission on Opportunity and assign to User A.
You can set the Account entity permission in both the security roles according to your needs.
Let's say there is an account record ABC which can be accessed by both User A and User B. But, after assigning the above roles, User B can see only the opportunities owned by him and User A can see all the opportunities under the account.