You’re offline. This is a read only version of the page.
380
Hi All. I've found that security access is inheriting through the Regarding field on activities. For example, the owner of an account has access to all the activities which are 'regarding' the account.
For example, suppose 2 sales reps have user-level write access to activities. So they can only edit their own activities. Sales rep 1 creates an activity and sets the 'regarding' to be an account which is owned by sales rep 2. Now both users are able to edit the activity.
I've tried this with multiple activity entities, and multiple 'regarding' entities. This is CRM Online 9.0.1.459.
Is this by design? I've never seen this documented anywhere.
*This post is locked for comments
You're right, the system actually creates a sharing record that is hidden from the users. It's stored in the 'principalobjectaccess' entity. I've also found that changing this relationship behavior does not update existing records, so they are still shared with the original parent. But other than that, it works to 'spec'.
It is OOB Relationship Behavior, which is sharing the records to sales rep 2. You can see in the Account to Task relationship, where “Reparent” action has “Cascade all”. Hence, it is allowing to sales rep 2. If you don’t want to allow the records to sales rep 2 then modify relationship behavior as below.
You can find more information about “Reparent” action from below link:
Thanks,
Hi,
Agree I also don't find any MS KB for this but above post in Dynamics CRM Team Blog.
I understand why you might have defacto access, because assigning the parent would re-assign the children. But even if you change the field behavior to be configurable-cascading, and set everything to: cascade none, the access is still inherited from the 'parent'.
This 'loophole' (as the blog calls it) really should be formally documented by Microsoft. Does this apply at all parental relationships? Or just 'regarding' and 'customer' fields?
Hi,
This will only happen if sales rep 2 is owner of the Account, otherwise not. Just tested it on trial, I created one account where owner is sales rep1 and now sales rep2 added an activity to this account, sales rep1 will have access to this activity. This is happening because of cascaded access
This should help you: blogs.msdn.microsoft.com/.../cascaded-security-privileges-and-sharing
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
#1
André Arnaud de Cal...
291,253
Super User 2024 Season 2
#2
Martin Dráb
230,188
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (