Microsoft Dynamics 365 | Integration, Dataverse...

Restrict User(s) from the same Business Unit from viewing certain owned record

(0) Share

Report

Posted on by Chris1968

317

Hi,

Is it possible using Security Roles, Teams from restricting a User to view a record that is owned different owners??

I'm using D365 for Marketing and need this to run customer journeys.

The issue I've been tasked with is to keep certain Contacts invisible to certain people.

E.g. There is Team A and Team B as owners. Potentially there could be User(S) who are also owners so I would assume these need to be included in a Team??

I want a group of users to see only Team A records and another group of users to see only Team B. Possibly a group of users to see both Team A's and B's,.Ccntacts....

I have the same question (0)

All responses (14)

Answers (0)

Suggested answer

Eiken on at

Like (0)

Report

RE: Restrict User(s) from the same Business Unit from viewing certain owned record

Hi,

The security role can only control the access to personal or all BU records.

I recommend you to use the Access Teams, it can help user share records with team members but it may take a lot of time to add users manually.

The following link show you the details to configure the access team.

How to Enable Access Teams in Microsoft Dynamics 365 for Sales CRM (azamba.com)

After configuring, you can see the subgrade in the form of contact, also you can add the user which you want to give access authority.

Then login the app with the user which is granted authority and you will see the record.

Was this reply helpful? Yes No
Chris1968 317 on at

Like (0)

Report

RE: Restrict User(s) from the same Business Unit from viewing certain owned record

Hi Eiken,

Thanks for you solution. It's a potential but as you say can be a long winded process if there are loads of users. Currently there are only 5 users who would need to see the specific records but this could grow quiet quickly

So there is no way within D365 Marketing to only grant access to certain records to certain users by using Security roles?

What if the users are all in the same BU but the owner of a Contact record is owned by a Team.

So user is in BU called Sales and Marketing but the record(s) is owned by a Team called Team A. Can specific user(s) who be assoiciated to a Team so only records owned by that team can only be seen by that User(s)?

Was this reply helpful? Yes No
Suggested answer

Mohamed GRAIB 2,504 Moderator on at

Like (0)

Report

RE: Restrict User(s) from the same Business Unit from viewing certain owned record

Hi Chris,

Have you tried to configure teams and access teams ?

You can add a security role by teams also.

Was this reply helpful? Yes No
Chris1968 317 on at

Like (0)

Report

RE: Restrict User(s) from the same Business Unit from viewing certain owned record

Hi,

I'm in the process of setting Teams Access up.

How would you assign Security Roles to Teams Access??

Was this reply helpful? Yes No
Suggested answer

Mohamed GRAIB 2,504 Moderator on at

Like (0)

Report

RE: Restrict User(s) from the same Business Unit from viewing certain owned record

Hi,

A security role by team not by acess team

Else, to know more about configure teams and acess teams, you can follow these links :

https://www.azamba.com/2018/02/15/how-to-enable-access-teams-in-microsoft-dynamics-365-for-sales-crm-share-records/#:~:text=Enable%20and%20Create%20an%20Access%20Team%20Template&text=To%20enable%20access%20teams%2C%20go,%3E%20Access%20Team%20Templates%20%3E%20New.

Hope that's helpful for you.

Was this reply helpful? Yes No
Chris1968 317 on at

Like (0)

Report

RE: Restrict User(s) from the same Business Unit from viewing certain owned record

Hi,

Thank you I'll give it a try once I set up the Teams.

I let you know how it goes

Was this reply helpful? Yes No
Suggested answer

Eiken on at

Like (0)

Report

RE: Restrict User(s) from the same Business Unit from viewing certain owned record

I ran some more tests after that and security roles for Team can really solve this problem.

I missed a detail earlier: Any privilege set at "User" level in a team role means the user can do things to records owned by the team, but only if they make the Team of the Owner before they save the record.

So you can first create a new security role for the Team and add the following permission for it.

Then create a record with a user in the Team and set the Owner to this Team.

Now the other members in the same Team can see the records created by this user.

Was this reply helpful? Yes No
Chris1968 317 on at

Like (0)

Report

RE: Restrict User(s) from the same Business Unit from viewing certain owned record

Hi Eiken,

Thanks for this.

I was looking at this route and this is were I got confused. So if I tell, show what I have set up so far hopefully it will be juts a bit of a tweaking need

Apologises but I've been using the Advanced setting to change the users roles, teams, etc...

Security Roles

Created Veterans Read / Write in Business Unit org name

There are other BU - Veterans and Sales & Marketing. Would this matter what BU the Role is created in??

The Contact which was part of a bulk import as the owner, Veterans Service

The User (me) Teams and Roles are

Veterans Read, along with All Users - Basic Access

But I can see all the Records even those that have different owners??

Was this reply helpful? Yes No
Suggested answer

Eiken on at

Like (0)

Report

RE: Restrict User(s) from the same Business Unit from viewing certain owned record

Hi, Chris

For the security role assigned to the Team, the access level "User" means every member in the same Team.

So the access level should be 'User' in your security role of the Team.

Was this reply helpful? Yes No
Chris1968 317 on at

Like (0)

Report

RE: Restrict User(s) from the same Business Unit from viewing certain owned record

Hi Eiken,

Sorry about that the dotes all seem to blur into each other after a while.

I've amended this to User. Is there any other role that needs to be applied??

As I can still all the records

235 with owner Veterans Services and 89 with a combination of different owners (User and Team)

Was this reply helpful? Yes No