Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Security Model Archite...
Microsoft Dynamics CRM (Archived)

Security Model Architecture

(0) ShareShare
ReportReport
Posted on by ArdantHammer 370

I am building a security model for an instance of dynamics. Doing so for entities like accounts and contacts has been relatively straight forward. However, I am encountering some issues with cases. The dynamics security model is built around ownership, but cases are re-assigned all over the place based on who is working on them. In this environment, we have group A who can see everything and group B who can see a subset of data. However, Group A may work on cases that should be seen by group B and some that should not. Dynamics to my understanding would give them access to all of Group A's cases or none if they are owned by group A.

My solution for contacts and accounts was to have them owned by various teams in various BU that would allow different subsets of data to be made visible to people by adding them to the appropriate team based on data in the account record. However, with cases I don't see how to resolve this issue without changing the ownership scheme. Has anyone encountered this or have any ideas? 

*This post is locked for comments

  • ArdantHammer Profile Picture
    ArdantHammer 370 on at
    RE: Security Model Architecture

    The Teams and access are built around a custom entity linked to accounts. So all cases that are linked to x-y accounts are team x but cases for accounts c-d are part of team d. This is how the other entities are currently set up. Does that make sense?

  • ashlega Profile Picture
    ashlega 34,475 on at
    RE: Security Model Architecture

    Hi John,

    so  B users should still be able to see some of the cases "worked on" by the A users?

     How would the teams work then? Would you have a team per case? (in which case yes, you can add users to such teams.. but it's the same as having access teams)

  • ArdantHammer Profile Picture
    ArdantHammer 370 on at
    RE: Security Model Architecture

    Alex,

    My understanding is the problem with using a parent BU A and a child BU B would be the only cases that BU B would see in the ones owned by people in BU B. So if a case was owned by a user in BU A they would not see it. Unless they have organizational level security role in which case they would see all the cases in BU A.

    Other Entities are broken out into Business units and are owned by teams and use cascading assign and processes to keep them assigned to the appropriate teams for each of the different Business units. But cases are owned by users...

    Does that make sense?

  • ashlega Profile Picture
    ashlega 34,475 on at
    RE: Security Model Architecture

    And sure, you can use team ownership with that custom field to identify the actual case worker.  Just keep in mind that ownership affects some other things (with the owner field, you can use hierarchy security if you ever choose to.. you can use "cascade all" setting on the relationships to propagate "assign" operation to the child entities.. )

  • ashlega Profile Picture
    ashlega 34,475 on at
    RE: Security Model Architecture

    So if you have a case.. Group A should have access to it all the time.. but group B should have access to only some cases (just re-reading your requirements)

    What about other entities? Could you create two business units? BUA and BUB where BUB is a child business unit for BUA.

    If you place GroupB users in BUB and GroupA users in BUA, you shoudl be able to configure owner security so that GroupA users will see everything and GroupB users will see cases in their BU only

  • ArdantHammer Profile Picture
    ArdantHammer 370 on at
    RE: Security Model Architecture

    How bad of an idea would it be to create a second field on cases that would be the "current case worker" so that the records could be owned by teams based on the customer?

  • Suggested answer
    ashlega Profile Picture
    ashlega 34,475 on at
    RE: Security Model Architecture

    Hi John,

     if it's not "A can see all of B, but B can see none of A", then there is not a lot you can do other than start using "sharing"(in different forms: you can share records with users or teams, you can create manual access teams per record and keep adding users to those access teams, or/and you can create access team templates and use those)

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,280 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,214 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans