Microsoft Dynamics CRM (Archived)

How to block certain records from a security role?


Hello experts, 

Recently we encountered the following problem while working on the security roles and the visibility of records: the security role Agent is at the bottom of the organizational hierarchy model, yet they need organizational access to all the contact records, regardless of which agency (business unit) they belong to. The problem is that now they want to block certain contact records from these agents, and we cannot just change their access to the contact entity to level Deep because they need to see other records from the other agencies or countries.

So is there a way to block certain records from them?

Thank you for your help! 

Cheers

  • Suggested answer
    Radu Chiribelea

    Hi Yi Yang,

    The security role permissions apply to all records - so if a user has read privilege (organization level) for Accounts - he will be able to read all of them, without any restrictions.

    Maybe you could explore the access teams (msdn.microsoft.com/.../dn481569.aspx) and see if you can use that to grant access to certain records to certain users only.

    Hope this helps,

    Radu

  • Suggested answer
    Syed Ibrahim

    Unfortunately, we can't restrict permissions for a few records alone. My advice is to create separate security role permissions.

    Hope this helps

  • Suggested answer
    Karsten Wirl

    Hello Yi.

    I recommend the use of owner teams or access teams. I realized a similar scenario with Owner-Teams. But it's highly complex and requires strict control through Admins.

    Kind regards,

    Karsten

  • Community Member

    Hello Karsten, thank you for your reply. I have been looking into access teams and owner teams, however they are managed by entity, so even if I create an access team for these contact records, the agents (who have organisation level read access) will still see the contact records, right?

    Thank you.

    Regards,

    Yi

  • Community Member

    Hello Syed, thank you for your reply, yeah we did create separate security roles, the problem is the security role Agent needs to have an organisation level read access over the contact records for business concern, and we are trying to find a way to <hide> certain specific contact records from them.

    Thank you.

    Regards,

    Yi

  • Community Member

    Hi,

    A workaround of this is to Hide/Show certain Views. Create specific Views to be used for certain groups of people, and filter them based on what they need to see.

    Granted, this does not provide high levels for security purposes, but if that is not a concern, a customized View could help.

  • Suggested answer
    ashlega

    Hi Yi Yang,

    If there is a "class" of contacts you want to exclude, you might create two teams, add regular contacts to one team and "protected" contacts to the other, then add all agents to the first team and adjust their security so they don't have org-level access. They will see those "common" contacts through team membership, and all other contacts will have to be shared with them.

    If it's more about having "exceptions" for just about any contact (as in you want to have the ability to prevent any agent from seeing any contact), that's the most complicated security scenario for Dynamics, and you'll need to resort to the sharing and/or team membership.

    For example, you might create a set of plugins to always have a team per contact, to share each contact with the team, and to maintain team membership for the agents automatically (and, then, you may introduce some kind of user-contact N:N to identify those agents that should not have access to a contact... then the plugin will take care of maintaining team membership). That would be a bit of development, that might introduce performance issues, and would require quite a bit of testing.
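
The team-per-contact design described in the answer above, as an added example that is not part of any post in this thread and is not Dynamics code: a simplified Python model in which read access comes from the role's depth or from a share to a team, with no deny rule. All names (`Agent`, `can_read`, `sync_contact_teams`, the sample contacts) are hypothetical, and the data is constructed.

```python
from dataclasses import dataclass, field

# Simplified model (assumption): read access is granted by the role's depth
# OR by a share to a team the user belongs to. There is no deny rule.

@dataclass
class Agent:
    name: str
    bu: str
    read_depth: str                      # "organization", "business_unit", "none"
    teams: set = field(default_factory=set)

def can_read(agent, contact, shares):
    """contact is (name, owning_bu); shares maps contact name -> team names."""
    name, owning_bu = contact
    if agent.read_depth == "organization":
        return True                      # role privilege wins; shares cannot subtract
    if agent.read_depth == "business_unit" and agent.bu == owning_bu:
        return True
    return bool(agent.teams & shares.get(name, set()))

def sync_contact_teams(contacts, agents, excluded):
    """One team per contact, contact shared with it; members are all agents
    except the (agent, contact) pairs listed in the exclusion relationship."""
    shares = {}
    for agent in agents:
        agent.teams = set()
    for name, _bu in contacts:
        team = "team:" + name
        shares[name] = {team}
        for agent in agents:
            if (agent.name, name) not in excluded:
                agent.teams.add(team)
    return shares

def visible(agent, contacts, shares):
    return sorted(name for name, bu in contacts if can_read(agent, (name, bu), shares))

# Constructed sample data: two normal contacts and one service provider contact.
CONTACTS = [("alice", "UK"), ("bruno", "FR"), ("provider-x", "UK")]
EXCLUDED = {("uk_agent", "provider-x"), ("fr_agent", "provider-x")}

def scenario(read_depth):
    agents = [Agent("uk_agent", "UK", read_depth), Agent("fr_agent", "FR", read_depth)]
    shares = sync_contact_teams(CONTACTS, agents, EXCLUDED)
    return {a.name: visible(a, CONTACTS, shares) for a in agents}

if __name__ == "__main__":
    for depth in ("organization", "business_unit", "none"):
        print(depth, scenario(depth))
```

In this model the exclusion only takes effect once no remaining role depth covers the record: with business-unit depth the UK agent still reads the UK-owned provider contact, so the role's read privilege has to be reduced below any level that reaches the protected records.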

  • Community Member

    Hello Alex, thank you for your reply. The reason why we granted org-level read access to security role Agent is that they need to see all the contacts in other business units (ex: agents who work in the UK need to see the contact records in France...). If we manage this with teams, and remove their org-level read access, that will affect the business practice.

    Basically there are two types of contacts, "normal contacts" and "service provider contacts", and we want to hide the latter from agents.

    I will think about the plug-in option that you mentioned.

    Thank you,

    Regards,

    Yi

  • Community Member

    Hello Jarren, thank you for your reply. However the role-based view functionality is not available anymore, at least not for free at this date.

    Check out this link: archive.codeplex.com

    Thank you.

    Regards,

    Yi

  • Karsten Wirl

    Hi there.

    Yes, this is correct.

    You must combine the three security elements... sec role, team and owner.
