Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / How to secure PSA deta...
Finance | Project Operations, Human Resources, ...
Answered

How to secure PSA detail like time entries, approvals and actuals?

(1) ShareShare
ReportReport
Posted on by Marcel Lathouwers 168

We have PSA (v3) setup in an customer environment that needs to protect project information from users. So we created business units and gave users roles with max priveliges on bu level. 

Unfortunately a lot of records that PSA creates eg approval and actuals are created and owned by user SYSTEM and thererfor in the top BU. The users belonging to a child BU will not be able to see the actuals for there project. 

I'm suprised that MS has intorduced a 'all or nothing' principle. Is there a supported way to deal with tighter security, but still all functionality in place, like approving, invoicing, credit invoicing?

apa 

  • Marcel Lathouwers Profile Picture
    Marcel Lathouwers 168 on at
    RE: How to secure PSA detail like time entries, approvals and actuals?

      Thanks for suggesting, but it would probably create a performance nightmare on the POA table

  • Marcel Lathouwers Profile Picture
    Marcel Lathouwers 168 on at
    RE: How to secure PSA detail like time entries, approvals and actuals?

    Thx Thomas Schick, we were on the same road, but wanted to check to be (more) sure.

  • Suggested answer
    Thomas Schick Profile Picture
    Thomas Schick 202 on at
    RE: How to secure PSA detail like time entries, approvals and actuals?

    Hey Marcel,

    You are completely right in that the PSA solution is not business unit-aware. I was facing the same issue a couple of years ago and went as far as creating a support ticket with the PSA Team. They told me they are aware of the issue and would rethink their position (they didn't).

    I would not recommend using the sharing functionality in this case (or at all). It is cumbersome and bad for performance, as it creates records in the Principal Object Access table, which have to get checked every time a Retrieve is performed in the system. The bigger this table gets, the worse the overall system performance becomes. Sharing creates tons of records in the POA.

    For these tables where SYSTEM becomes the owner, I recommend creating Flows/Workflows/Plugins that assign the records to people based on your business logic. For example, actuals in our system get assigned to the project manager that is set in the project. Same with project approvals.

    Hope I could help,

    Thomas

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: How to secure PSA detail like time entries, approvals and actuals?

    Hi Marcel,

    Maybe you can share these records with users or teams:

    Dynamics 365: Share and Share Alike - CRM Software Blog | Dynamics 365

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

photo of Muhammad Affan

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

thumbnail image of a pie chart section

Top 10 leaders for November!

Congratulations to our November super stars!

thumbnail image of the word Tip

Tips for Writing Effective Verified Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,431 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,503 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans