web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Revoke Team Member'...
Microsoft Dynamics CRM (Archived)

Revoke Team Member's Access to Single Case When Case Owned By Team

(0) ShareShare
ReportReport
Posted on by Community Member

Hey all,

Our security model is set up such that Teams own Cases.  Client has a requirement whereby they want to revoke access to a specific Case for a single user who is a member of the Team that currently owns the Case.

From my experience it is impossible to meet this requirement.  We're using Dynamics 365 v8.2.2 on-prem.

Any ideas?

Cheers.

*This post is locked for comments

I have the same question (0)
  • Community Member Profile Picture
    Community Member on at

    Replicate the team without the user and make this new team the owner of that record ?

  • Community Member Profile Picture
    Community Member on at

    But say this happens 10 times with 10 different users over the course of a few years.  You would now have 11 teams all trying to manage the same business area.  Would be impossible to manage.

  • Verified answer
    Arun Vinoth Profile Picture
    Arun Vinoth 11,615 Moderator on at

    With BU team or owning team this is impossible to address.

    You may have to switch to Access teams, where the members can be added/removed any point of time.

  • Verified answer
    RaviKashyap Profile Picture
    RaviKashyap 55,410 Moderator on at

    Hi,

    Yes, you are correct. You can't meet this requirement with the current design. What you are looking for is record based security the only option available out of box is Access team.  

    You could read about access teams here - community.dynamics.com/.../access-teams

    Hope this helps.

  • Verified answer
    gdas Profile Picture
    gdas 50,091 Moderator on at

    Hi,

    Using owning team it's not possible to revoke access from team user for particular record. In that case you should go for user owned case instead of team owned and using access teams add/remove access of the user.

  • Verified answer
    Dynamics365 Rocker Profile Picture
    Dynamics365 Rocker 7,755 on at

    You have to change your security feature to Access team. In this scenario, you can setup owner of case any one but if a user is not a member of Access team then he/she can't able to access case. Only owner, Users who has required security role and members of access team can access cases.

    Access team is a type of object based security.

  • Community Member Profile Picture
    Community Member on at

    Unanimous support for Access Teams.  

    Should I be concerned about an excessive number of records in the POA table when using Access Teams across a very large dataset?  

    One of my devs also had an idea to hijack Retrieve calls with a custom plugin that would compare against a revocation list.  Performance is a concern with this approach.

  • Suggested answer
    Arun Vinoth Profile Picture
    Arun Vinoth 11,615 Moderator on at

    Teams will have a single entry in POA (either BU team or Access team) whereas users sharing will get individual entries. That being said AT should not grow the POA like object sharing.

    Regarding the RetrieveMultiple message plugin - you have to decide/trade off about that as this will trigger for every single call in the system.

  • Verified answer
    Ben Thompson Profile Picture
    Ben Thompson 6,350 on at

    Yes because eventually you will have performance issues with the POA table - I've seen on-premise sites where page access has gone to 30+seconds due to excessive sharing.

    To be honest hijacking the Retrieve calls with a custom plugin won't have as much of a performance hit as excessive sharing but you will eventually need to do a lot more than just a single plugin for things to work correctly.

    As an aside my company provides data driven security options for Dynamics 365 - our Deny Access solution should be available from Appsource in October / early November and it is plugin driven (its why I comment that you will need far more than 1 for things to work correctly)...

  • Community Member Profile Picture
    Community Member on at

    Interesting.. I will keep an eye out for sure!

    Without going too deep into your IP, can you elaborate on "eventually will need more than a single plugin"?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans