Microsoft Dynamics CRM (Archived)

Security Role behaviour in a hierarchical business unit environment


I'm struggling with a probable issue in my security setup.

The setup is as follows:

                                                          Root Business Unit

             Business Unit A                  Business Unit B

Business Unit C                                               Business Unit D 

User Role Type 1: Access levels on the Lead entity are set to None on all privileges besides Read.

User Role Type 2: Can create, read, write etc. on lead entity

User 1 lives in Business Unit C

User 2 lives in Business Unit D

When testing I use the following scenario:

Create lead using User 2

Check behaviour of lead using User 1

Create lead using User 1

Result:

User 1 can read, write and disqualify lead created by User 2

User 1 can read, write, delete, append, append to lead created by User 1

From what I understand this behaviour is not correct. What are the obvious things I need to look for? I think I have exhausted the available options. I may just be missing something very basic here.

Any guidance will be appreciated!

Thank you.

  • Suggested answer
    MilindP Profile Picture
    1,019 on at

    Please check the status of Hierarchy Security (Setting->Security->Hierarchy Security) and the relationship between user1 and user2.

    If user1 is a manager of user2... and Hierarchy Security is enabled, then User 1 can modify the records created by user2.

    Or

    Check if there are any Access Teams created for the Lead entity where user1 & User2 are part of the team.

  • Suggested answer
    Drew Poggemann Profile Picture
    4 on at

    Hi Alihs,

    If you have hierarchical security enabled then this can happen if user 1 is set up as a manager of user 2 or in a role hierarchy above user 2. This is a new security structure added with update 1 in CRM 2015. Please check to see if this could cause the issue as this would be expected behavior in that case.

    Thanks,

  • Drew Poggemann Profile Picture
    4 on at

    Sorry, I didn't see Milind's post which I agree with.  Sorry for the duplicate...

  • Community Member Profile Picture
    on at

    Apologies for the delay in getting back. Thanks for your reply.

    I have checked the Hierarchy Security and manager relation. The HS modelling option is not enabled and there isn't any relationship between the two Users.

    I've tried a few different scenarios and the setup doesn't seem right. I can access Leads, but I cannot access Accounts - for which I set up the same privileges to test if I was missing something basic.

    So Accounts behave as they need to, but leads don't.

  • Suggested answer
    Drew Poggemann Profile Picture
    4 on at

    Hi Alihs,

    What you are saying is happening really should not be possible if hierarchical security is set up the way you identified.

    Things to check:

    1.  Verify hierarchy of the business units. Make sure the parents are set up the way you think they are.

    2.  Verify user 1 is assigned to business unit C and user 2 is assigned to business unit D. You will see this on their user profile under the "Business Unit" field.

    3.  Verify the user's roles that they are only assigned the roles you think they are and no others.

    4.  Check the role and look at the lead entity, make sure it is set something like the following image:

    Screen-Shot-2015_2D00_10_2D00_26-at-11.26.49-AM.png

    5.  Verify no Access teams are set up

    6.  Verify hierarchical security is turned off (you already mentioned this was the case).

    7.  Create new records for the test to verify nothing is "Shared"

    Please let me know if all these check out successfully and you are still having the issue.

    Thanks,

  • Community Member Profile Picture
    on at

    Thanks for your detailed reply.

    In the end this was related to the default inherited team that CRM associated with the User.

    This team had a different security role than the user. The team security role had Read/Write/Create...etc. privileges, which caused the issue.

    Since the security structure isn't team driven, I have changed this to be the same as the User's security role. Will probably need to create a generic team security role, that allows the user's security role to take precedence.

    Once again, thanks for your input all.
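
The root cause reported in the last post (a default business unit team carrying a broader security role than the user's own role) can be audited by comparing what a user's direct roles grant with what the roles of their teams grant. This is an added example, not code from the thread or from Microsoft: the role contents, team assignments and access levels are constructed sample data, and the check compares access levels only, without evaluating record ownership.

```python
# Access levels of a Dynamics CRM privilege, lowest to highest.
DEPTH = {"None": 0, "User": 1, "Business Unit": 2,
         "Parent: Child Business Units": 3, "Organization": 4}

# Constructed sample data (assumption): role name -> {privilege: access level}.
ROLES = {
    "User Role Type 1": {"Read Lead": "Business Unit"},
    "User Role Type 2": {"Create Lead": "Business Unit", "Read Lead": "Business Unit",
                         "Write Lead": "Business Unit"},
    "Default team role": {"Create Lead": "Organization", "Read Lead": "Organization",
                          "Write Lead": "Organization"},
}
USER_ROLES = {"User 1": ["User Role Type 1"], "User 2": ["User Role Type 2"]}
# Roles attached to each business unit's default team (constructed).
TEAM_ROLES = {"Business Unit C": ["Default team role"],
              "Business Unit D": ["User Role Type 2"]}
TEAM_MEMBERS = {"Business Unit C": ["User 1"], "Business Unit D": ["User 2"]}


def merge(role_names):
    """Return the highest access level per privilege across the given roles."""
    out = {}
    for name in role_names:
        for priv, depth in ROLES[name].items():
            if DEPTH[depth] > DEPTH[out.get(priv, "None")]:
                out[priv] = depth
    return out


def team_escalations(user):
    """List privileges where a team role grants more than the user's own roles."""
    direct = merge(USER_ROLES.get(user, []))
    findings = []
    for team, members in sorted(TEAM_MEMBERS.items()):
        if user not in members:
            continue
        for priv, depth in sorted(merge(TEAM_ROLES.get(team, [])).items()):
            own = direct.get(priv, "None")
            if DEPTH[depth] > DEPTH[own]:
                findings.append((team, priv, own, depth))
    return findings


if __name__ == "__main__":
    for user in USER_ROLES:
        for team, priv, own, via in team_escalations(user):
            print(f"{user}: team '{team}' raises {priv} from {own} to {via}")
```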
