Two users with same security privileges in reality have different access

(0) Share

Report

Posted on by Community Member Microsoft Employee

Hello!

Two users have the same security role applied to both of them. This role has only basic access level privileges for all actions on opportunity records. Security for one user behaves exactly as expected, he can read/write/etc only records created by him, but security for another one does not apply at all: he can view and edit all of the opportunity records, regardless of the ownership. No other security roles are applied to any of them. Both of these users are in the same business unit and same team.

Because I've spent so much time trying to fix it here is in point form everything that I've tried to no avail:

Changing the business unit does not help, the user can read/write records owned by any business unit
Changing the team does not change anything either
I am absolutely positive that there is only one security role applied, so no cumulative privileges issues here
The records are not shared. Or at least, when I open the sharing form, no usernames show up
Both users have same license mode (professional) and same and access mode (read-write)
Hierarchy security is disabled
Tuning it on and off type solutions do not help, in particular:
- Disabling the security role and applying it back
- Copying the security role and applying the new one
- Disabling the user and enabling him back
- Restarting the server
Removing all of the opportunity entity privileges completely actually does disable both of them from opening opportunity records altogether. But giving back even basic privileges re-enable the god-mode user to do whatever he wants with the opportunities.

Being able to poke around the system is probably needed to troubleshoot this kind of problem with an unknown cause. So any hint as to in which direction I should be looking would be very much appreciated. Some setting, an article on ThechNet/MSDN, a keyword to Google Bing, anything!

I suspect it might have something to do with the SQL database permission, but my experience in with Microsoft SQL is very limited.

We are using Microsoft Dynamics CRM 2016 on-premise.

*This post is locked for comments

All responses (4)

Answers (0)

Community Member Microsoft Employee on at

Like (0)

Report

RE: Two users with same security privileges in reality have different access

Hello, Alex!

Thank you for your suggestions! I changed up the permissions on the Contacts entity to match all permissions on the Opportunity entity and security behaves just as expected: users can see only records owned by them. So it looks like this problem is specific to the Opportunities.

Applying advanced find also shows the exact same security roles and teams fro the both users. And the roles and teams are exactly the ones which were expected.

Please let me know if this tells you anything important or if you can think of other things I should look into
Community Member Microsoft Employee on at

Like (0)

Report

RE: Two users with same security privileges in reality have different access

Hello, Alex!

Thank you for your suggestions! I changed up the permissions on the Contacts entity to match all permissions on the Opportunity entity and security behaves just as expected: users can see only records owned by them. So it looks like this problem is specific to the Opportunities.

Applying advanced find also shows the exact same security roles and teams fro the both users. And the roles and teams are exactly the ones which were expected.

Please let me know if this tells you anything important or if you can think of other things I should look into.
ashlega 34,475 on at

Like (0)

Report

RE: Two users with same security privileges in reality have different access

Hi Alexandr,

I don't think it's SQL database - Dynamicsis applying its own permissions by adding conditions to the SQL queries, so it would not change anything for Dynamics if the user were a SQL admin, for example.

It must be something in Dynamics..

I am wondering if that user can see opportunities only or if he can see everything else, too?

Anyway, since some of the default views have filters, what I would try is:

- Go to advanced find

- Select Security Roles entity

- In the conditions, select Related->Users

- And, then, under "Users", choose User Equals <user in question>

See what comes up and if you get the same results for the other user

Then do the same for teams (choose team entity, and use the same kind of user condition)
Suggested answer

Community Member Microsoft Employee on at

Like (0)

Report

RE: Two users with same security privileges in reality have different access

Hi Alexandr,

it maybe a customization behaviour.

Please try to disable all plugin step over entity (with Retrieve and RetrieveMultiple is possible to hide records).

Please let me know.

If you found the answer helpful, please mark as Verified

Join my network on LinkedIn Follow me on Twitter

Thank You & Best Regards

Francesco Picchi

Microsoft Dynamics CRM Consultant, Bologna+Milano, ITALY

Independent Contractor

http://www.francescopicchi.com