Announcements
No record found.
Hi I am reposting this question because it is still not resolved. I have a sales person role where I only give user level access to read, write, create and delete. The other roles are the Common Data service user, the App for Outlook , the Enterprise App role an this new sales person role. The reps are not in a team other than the Business Unit team. They are able to see all accounts and all active accounts when they should only be able to see their own. Can anyone help with this? The client does not want sales representatives to see other accounts in the system.
Hi Debbie,
Please, check the following points:
* Security roles assigned for the BU Team that user is included
* Check if the account record is shared with a Team
* Inherited action caused by relationship behavior: docs.microsoft.com/.../use-record-based-security-control-access-records
Thanks,
Have you checked if BU team have any security role assigned or not?
Hi Alok I am not sure how to do that? Can you tell me how to check that?
1) Access the Dynamics 365 as administrator > Advanced Settings > Security > Teams
2) Access the BU Team and use the associated menu to access the Security Roles:
3) Remove any role assigned here
Hi Ricardo, no security roles are assigned to the business unit. This is CRM online Enterprise Sales App. Could hat make a difference. You sent me info for on-premise
The security model is the same for OnPremise and Online environments. If the options that I provided didn't solve the issue, maybe a deeper analysis will be required (using Fiddler, browser debugger or even at db level to understand from where this privileges are coming from).
I recommend to test the same behavior using an InPrivate browser session to eliminate cache credentials. If you have sure that no Read privilege (Organizational level) is defined for the mentioned roles, maybe a support ticket would be necessary.
If Team has any security role assigned and role has Account priviege higher than user level permission, then user will be able to view all account from organisation.
Kindly go to Advanced Setting from D365
Go to Security---->Select Team
Search for Business Unit Team ( Same name as BU)
After getting the Team , select and click manage role from ribbon
Check if team has any security role assigned or not
Hi Ricardo, this CRM system is integrated with Business Central. I did not do that piece but what I found out was a sub business unit was created for the integration and a team was set up on that BU. The permissions on account, contact etc. was at organization level. Do you know if we take the sales people out of this team it will not stop the synchronization with BC or should I just adjust the security roles to user level? Thanks for you help in advance.
User must have inherited read privilege from either sharing or assigning other accounts or a team he is a member of.
Check who is the owner of the accounts. The security role works on the owner of the records. If the owner of the account is a team the members within the teams can see accounts.
Here is the XrmToolBox - Tool > User Security Manager where you can check what are the roles user assigned
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
Congratulations to our 2026 Super Stars!
We are thrilled to have these Champions in our Community!
These are the community rock stars!
Stay up to date on forum activity by subscribing.
ManoVerse 182 Super User 2026 Season 1
11manish 123
CU11031447-0 100
