web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Questions about securi...
Microsoft Dynamics CRM (Archived)

Questions about security roles in business units.

(0) ShareShare
ReportReport
Posted on by James F.

If I assigned a user the System Admin role in a child business unit, will they be able make changes on parent business units? 

Is there a way to only allow users to see information in the Business Unit they are assigned? If so can you provide documentation on how to set this up?

*This post is locked for comments

I have the same question (0)
  • Royal King Profile Picture
    Royal King 27,686 on at

    Yes he is able to do anything in the system .System Administrator and system customizer roles are global and you can't restrict access based on the Business unit. Whoever owns this role can do anything on the system regardless of which business unit he attached to.  If you just want to control access to data in the system based on business unit , you can create your security role based on the customer requirement.

  • Suggested answer
    Sayhaitokumar Profile Picture
    Sayhaitokumar 7,042 on at

    Hi James,

    For your 1st Questions answer is No.

    For 2nd question answer is yes, Depending on security role.

  • Verified answer
    Aileen Gusni Profile Picture
    Aileen Gusni 44,524 on at

    Hi James,

    1. If I assigned a user the System Admin role in a child business unit, will they be able make changes on parent business units?

    --> Yes, because the user will be getting a full access (full green circle), it means access to Organization, does not matter the BU or User ownership. Basically, the concept is not the System Admin role is a super user, but the privilege and access for each entities and other misc privileges are set to full access level (full green circle), this access means the user can do anything, so don't confused about the Role Name, you can create your own custom rule to make the user as Business Unit-level System Admin, but not use the standard one, it is totally not touchable.

    2. Is there a way to only allow users to see information in the Business Unit they are assigned? If so can you provide documentation on how to set this up?

    --> Yes, as I mentioned in point 1 before, you can create your own Business Unit-privilege level.

    In your respective entity(the entity that you want to restrict), you can set to Business Unit. It is half circle with Yellow Color.

    BU2.png

    And you can see the Legend here for explanation.

    You can see in this:

    http://msdn.microsoft.com/en-us/library/gg334717.aspx

    How role-based can control your data security.

    and this:

    http://www.powerobjects.com/blog/2014/02/14/microsoft-dynamics-crm-2013-business-units-and-data-silos/

    Hope this helps!

    Thanks.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans