We are implementing a Dynamics CRM 2016 solution for a company which has very specific security requirements.
All of the Organisation records (or Accounts) have organization-wide (or global) read, append and append to rights. We then have Business Unit (local) read access on the child Contact records. This has been achievable using the security roles and works as expected.
Our stumbling block has come in the form of Activities. The business requirements are that a user in a higher business unit (CEO's Office) can add an activity regarding a contact record which is owned by a user in a lower business unit (Sales Department) which is NOT then visible to the owner of the contact record.
I’ve come across this article http://garethtuckercrm.com/2013/04/24/implicit-shares-in-microsoft-crm-2011/ which explains there is a background process which uses the 'Reparent' cascade option whenever an activity is set regarding a parent record (on creating the activity record) to essentially give the owner of the parent record access to the child record regardless of their security role.
From my understanding there is no way to configure the cascade options on activity records as they are an 'out of the box' solution. Please let me know if this is not the case!
I have seen this post https://community.dynamics.com/crm/f/117/t/162833 which has similar requirements to ours and was wondering if there were other scenarios people have come across and the work-arounds people have used.
*This post is locked for comments
I have the same question (0)
