Answered

How to handle 2-dimensional security: access teams or custom plugin on retrievemultiple?

Posted on by 10

Hi guys!

I have a strange requirement here:

- accounts can be associated to one area (lookup on account) and multiple skills (1-n relationship between accounts and skills)

- salespersons can be associated to multiple areas (1-n relationship between systemusers and areas) and multiple skills (1-n relationship between systemusers and skills)

Salespersons should only see accounts with areas and skills that they can handle.

We are exploring two solutions:

1) Add a custom plugin on the retrievemultiple message of the account entity and only return accounts that match the calling user

2) Create one access team for every combination of areas and skills (in this case we have almost 100 areas times 150 skills = 15000 access teams) and, where a new account is created, share the account with the correct access team.

What do you think will be the best solution in terms of performance?

If we proceed with the custom plugin on the retrievemultiple, do you think we could have problems in terms of security on what users can do in the system?

Thank you!

  • Suxsem 10 on at
    RE: How to handle 2-dimensional security: access teams or custom plugin on retrievemultiple?

    Hi David, thank you for your interesting inputs!

  • Verified answer
    David Jennaway 14,063 on at
    RE: How to handle 2-dimensional security: access teams or custom plugin on retrievemultiple?

    I think the performance question will depend primarily on the number of shares, which would be the number of accounts * average number of account skills. As a very rough rule of thumb, you should get reasonable performance if this stays noticeably below a million records, but if it's likely to exceed a million records, then you're likely to get performance issues.

    There are a few considerations with doing a custom plugin on retrievemultiple:

    • It works in views and lookups with CRM, but won't apply to running reports, or exporting data via a Dynamic Worksheet, for example
    • It can mess up the paging on results - e.g. the number of records is returned based on the original query, but if you filter some out, this won't update the counts. It may be possible to include logic in the plugin to correct this

    If you do go with the custom plugin on retrievemultiple, I don't see any other problems it would cause with security.
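
An added example, not code from either poster or from Microsoft: one way to build option 1 is to rewrite the query in the pre-operation stage instead of removing rows from the result, so the platform computes pages and counts on the already-filtered query. The entities `new_userarea`, `new_accountskill` and `new_userskill` and the `new_areaid` lookup are hypothetical names for the relationships described in the question, and "match" is assumed to mean the user's area plus at least one shared skill.

```csharp
using System;
using Microsoft.Crm.Sdk.Messages;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;

// Register on RetrieveMultiple of account, pre-operation stage, synchronous.
public class AccountAreaSkillFilter : IPlugin
{
    public void Execute(IServiceProvider serviceProvider)
    {
        var ctx = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
        if (ctx.MessageName != "RetrieveMultiple" || ctx.PrimaryEntityName != "account") return;
        if (!ctx.InputParameters.Contains("Query")) return;

        var factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
        var service = factory.CreateOrganizationService(ctx.UserId);

        QueryExpression query;
        switch (ctx.InputParameters["Query"])
        {
            case QueryExpression qe:
                query = qe;
                break;
            case FetchExpression fe:
                // Views and lookups often send FetchXML; convert so one code path adds the filter.
                var resp = (FetchXmlToQueryExpressionResponse)service.Execute(
                    new FetchXmlToQueryExpressionRequest { FetchXml = fe.Query });
                query = resp.Query;
                break;
            default:
                // Fail closed: a query shape this plugin cannot filter is rejected, not passed through.
                throw new InvalidPluginExecutionException("Unsupported query type for account.");
        }

        Guid caller = ctx.InitiatingUserId; // the real caller, not the step's impersonated user

        // Area: account.new_areaid must be one of the caller's areas (hypothetical schema).
        var area = query.AddLink("new_userarea", "new_areaid", "new_areaid", JoinOperator.Inner);
        area.LinkCriteria.AddCondition("new_userid", ConditionOperator.Equal, caller);

        // Skill: the account must share at least one skill with the caller (hypothetical schema).
        var accountSkill = query.AddLink("new_accountskill", "accountid", "new_accountid", JoinOperator.Inner);
        var userSkill = accountSkill.AddLink("new_userskill", "new_skillid", "new_skillid", JoinOperator.Inner);
        userSkill.LinkCriteria.AddCondition("new_userid", ConditionOperator.Equal, caller);

        query.Distinct = true; // several shared skills would otherwise repeat the account row
        ctx.InputParameters["Query"] = query;
    }
}
```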
