Skip to main content

Notifications

Announcements

No record found.

Microsoft Dynamics 365 | Integration, Dataverse...
Suggested answer

Restrict User(s) from the same Business Unit from viewing certain owned record

(0) ShareShare
ReportReport
Posted on by 227

Hi,

Is it possible using Security Roles, Teams from restricting a User to view a record that is owned different owners??


I'm using D365 for Marketing and need this to run customer journeys. 

The issue I've been tasked with is to keep certain Contacts invisible to certain people.

E.g. There is Team A and Team B as owners. Potentially there could be  User(S) who are also owners so I would assume these need to be included in a Team??

I want a group of users to see only Team A records and another group of users to see only Team B.  Possibly a group of users to see both Team A's and B's,.Ccntacts....


  • Chris1968 Profile Picture
    Chris1968 227 on at
    RE: Restrict User(s) from the same Business Unit from viewing certain owned record

    Hi,

    Happy belated New Year 

    I believe I have resolved the issue of a specific user in the BU Veterans Service to just see the contacts that are owned by the team name Veteran Services.

    The new record I created I did manage to assign it to the Team and it displays in the Contact list

    Haven't quiet sorted the owner defaulting to the team name yet when a new record is created.

    Can you give me some guidance as not really used scripting before??

  • Suggested answer
    Eiken Profile Picture
    Eiken on at
    RE: Restrict User(s) from the same Business Unit from viewing certain owned record

    Hi,

    I'm on Chinese New Year's holiday these days.

    Has your problem been solved?

    Yes, if you change the security role such as Basic user, it may affect the rest of the users.

    By the way, did you change the owner of the record which created before?

    pastedimage1674805150877v1.png

  • Chris1968 Profile Picture
    Chris1968 227 on at
    RE: Restrict User(s) from the same Business Unit from viewing certain owned record

    Hi Eiken,

    Thanks for this.

    To be honest I'm getting slightly confused.

    Can we take it back a few steps.

    When you create a Security Role is resides in the Root BU.  Which filters through to all BU's created after.

    pastedimage1674123196276v4.png

    So if I want to change a Security Role such as Basic User would I need to create this within the BU I've created to stop this affecting other users in another BU?

    I've created a Team / BU called Veterans Services.  There are already BU's for Sales & Marketing and Consultancy Services (These are the ones we use in Prod.

    Each of the existing BU have Team Members and are assigned to different Teams  

    pastedimage1674122431331v1.png

    pastedimage1674122467511v2.png

    At the moment I'm the only User in the BU Veterans Services 

    pastedimage1674122761475v3.png

    Currently this is allowing ne to access the Marketing App, which is required to enable to send out the Marketing Email.

    It as Basic User, Marketing Business App Access, Marketing STAH and Veterans Read / Write, Security Roles

    pastedimage1674123473837v6.png

    If I change the drop down value to Read Veterans Service from Org##### I can't make changes as it's an inherited Role.  So if I make changes from the Root BU, won't it affect the rest of the users access / permissions who already have this??



    I only want the people in this team to see Contacts that have Owner assigned / set as Veterans Service.  

    I apologise if I've still not understood the Security Roles / permissions process

  • Suggested answer
    Eiken Profile Picture
    Eiken on at
    RE: Restrict User(s) from the same Business Unit from viewing certain owned record

    Hi, Chris

    Did you assign the security role to the Team rather than individuals?

    Now my test Team have some members who I don't assign any security role to them.

    Then I create a security role and assign it to my Team, the security roles assigned to the Team are inherited by members in this Team.

    pastedimage1674091785575v3.png

    I recommend you to check if other security role will affect the access permission.

    e.g. The Basic User security role of my test Team looks like this so it will not affect the result.

    pastedimage1674091700892v2.png

  • Chris1968 Profile Picture
    Chris1968 227 on at
    RE: Restrict User(s) from the same Business Unit from viewing certain owned record

    Hi Eiken,

    Sorry about that the dotes all seem to blur into each other after a while.

    I've amended this to User.  Is there any other role that needs to be applied??

    As I can still all the records

    235 with owner Veterans Services and 89 with a combination of different owners (User and Team)

  • Suggested answer
    Eiken Profile Picture
    Eiken on at
    RE: Restrict User(s) from the same Business Unit from viewing certain owned record

    Hi, Chris

    For the security role assigned to the Team, the access level "User" means every member in the same Team.

    So the access level should be 'User' in your security role of the Team.

    pastedimage1674004893701v1.png

    pastedimage1674004912153v2.png

  • Chris1968 Profile Picture
    Chris1968 227 on at
    RE: Restrict User(s) from the same Business Unit from viewing certain owned record

    Hi Eiken,

    Thanks for this.

    I was looking at this route and this is were I got confused.  So if I tell, show what I have set up so far hopefully it will be juts a bit of a tweaking need

    Apologises but I've been using the Advanced setting to change the users roles, teams, etc...

    Security Roles

    Created Veterans Read / Write in Business Unit org name

    pastedimage1673954144093v1.png

    There are other BU - Veterans and Sales & Marketing.  Would this matter what BU the Role is created in??

    pastedimage1673954237613v2.png

    The Contact which was part of a bulk import as the owner, Veterans Service

    pastedimage1673954347097v3.png

    The User (me) Teams and Roles are

    Veterans Read, along with All Users - Basic Access



    pastedimage1673954622245v5.png

    But I can see all the Records even those that have different owners??

  • Suggested answer
    Eiken Profile Picture
    Eiken on at
    RE: Restrict User(s) from the same Business Unit from viewing certain owned record

    I ran some more tests after that and security roles for Team can really solve this problem.

    I missed a detail earlier:  Any privilege set at "User" level in a team role means the user can do things to records owned by the team, but only if they make the Team of the Owner before they save the record.

    So you can first create a new security role for the Team and add the following permission for it.

    pastedimage1673926219691v1.png

    Then create a record with a user in the Team and set the Owner to this Team.

    pastedimage1673926572816v2.png

    Now the other members in the same Team can see the records created by this user.

    pastedimage1673926815197v3.png

  • Chris1968 Profile Picture
    Chris1968 227 on at
    RE: Restrict User(s) from the same Business Unit from viewing certain owned record

    Hi,

    Thank you I'll give it a try once I set up the Teams.  

    I let you know how it goes

  • Suggested answer
    Mohamed GRAIB Profile Picture
    Mohamed GRAIB 2,494 Super User 2024 Season 2 on at
    RE: Restrict User(s) from the same Business Unit from viewing certain owned record

    Hi, 

    pastedimage1673884906129v1.png

    A security role by team not by acess team 

    Else, to know more about configure teams and acess teams, you can follow these links : 

    https://www.azamba.com/2018/02/15/how-to-enable-access-teams-in-microsoft-dynamics-365-for-sales-crm-share-records/#:~:text=Enable%20and%20Create%20an%20Access%20Team%20Template&text=To%20enable%20access%20teams%2C%20go,%3E%20Access%20Team%20Templates%20%3E%20New.

    Hope that's helpful for you. 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Congratulations 2024 Spotlight Honorees!

Kudos to all of our 2024 community stars! 🎉

Meet the Top 10 leaders for December!

Congratulations to our December super stars! 🥳

Get Started Blogging in the Community

Hosted or syndicated blogging is available! ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,622 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,354 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Product updates

Dynamics 365 release plans