web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / How to handle 2-dimens...
Customer experience | Sales, Customer Insights,...
Answered

How to handle 2-dimensional security: access teams or custom plugin on retrievemultiple?

(0) ShareShare
ReportReport
Posted on by Suxsem 10

Hi guys!

I have a strange requirement here:

- accounts can be associated to one area (lookup on account) and multiple skills (1-n relationship between accounts and skills)

- salespersons can be associated to multiple areas (1-n relationship between systemusers and areas) and multiple skills (1-n relationship between systemusers and skills)

Salespersons should only see accounts with areas and skills that they can handle.

We are exploring two solutions:

1) Add a custom plugin on the retrievemultiple message of the account entity and only return accounts that matches the calling user

2) Create one access team for every combination of areas and skills (in this case we have almost 100 areas times 150 skills = 15000 access teams) and, where a new account is created, share the account with the correct access team.

What do you think will be the best solution in terms of performances?

If we proceed with the custom plugin on the retrivemultiple, do you think we could have problems in terms of security on what users can do in the system?

Thank you!

I have the same question (0)
  • Verified answer
    David Jennaway Profile Picture
    David Jennaway 14,065 on at

    I think the performance question will depend primarily on the number of shares, which would be the number of accounts * average number of account skills. As a very rough rule of thumb, you should get reasonable performance if this stays noticeably below a million records, but if it's likely to exceed a million records, then you're likely to get performance issues

    There are a few considerations with the doing a custom plugin on retrievemultiple:

    • It works in views and lookups with CRM, but won't apply to running reports, or exporting data via a Dynamic Worksheet, for example
    • It can mess up the paging on results - e.g. the number of records is returned based on the original query, but if you filter some out, this won't update the counts. It may be possible to include logic in the plugin to correct this

    If you do go with the custom plugin on retrievemultiple, I don't see any other problems it would cause with security

  • Suxsem Profile Picture
    Suxsem 10 on at

    Hi David, thank you for your interesting inputs!

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the April Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Muhammad Shahzad Shafique Profile Picture

Muhammad Shahzad Sh... 69 Most Valuable Professional

#2
ManoVerse Profile Picture

ManoVerse 62 Super User 2026 Season 1

#3
11manish Profile Picture

11manish 43

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans