Could someone please explain what I'm missing? I'm losing my mind on this one :(
I have a BU structure like this:
A
B C
- Users in BU B are not allowed to see cases of users in BU C and vice versa. The security role level of users in these BUs (B and C) for cases is Business Unit.
- All accounts are owned by an Owner Team in BU A. The owner team has a security role which grants only Account read and write at the user level. All users in B and C belong to this team.
If a user in B creates a case and selects an account owned by the owner team, all users in C are given access to the case. The case is owned by a user in B; why can users in C read the case?
Thank you, Andreas. I'll mark your original answer as verified, as it does answer my original question.
I did find the answer to my second question on how to stop it from happening. For anyone looking at this in the future: you need to change the reparent to cascade none for the incidents_customer_accounts relationship.
As for new related cases it looks like this behavior is by design and cannot be changed through standard configuration.
You might need to implement a workaround. It could be a custom workflow that unshares that new related case record.
Thanks for the reply, Andreas.
So I did notice when I first assigned all the accounts to the new owner team that all the related cases etc. moved with it. So I assigned them back to the original owner and changed the cascade behavior.
I set cascade behavior to "Cascade None" for both share and assign for the incident_customer_accounts relationship. When I reassigned the accounts to the owner team, all the existing cases behaved as expected and users in opposite BUs were unable to see each other's cases. So they owned the parent account (from the owner team) but not the related case. However, this doesn't hold true for new related cases ... is there any way to stop this behavior?
Good explanation can be found here:
https://msdn.microsoft.com/en-us/library/gg334673.aspx#BKMK_SharingInstances
The keyword here is sharing and inheritance or cascade sharing.
Also good samples here:
blogs.msdn.microsoft.com/.../cascaded-security-privileges-and-sharing
The shared rights of the owner team are inherited from the parent entity (account) to the child entity (case).
Which is why the users in C can also read it.
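A simplified model of the inheritance described in this thread, added here as an illustration; it is not code from any poster or from Microsoft. All class and function names are hypothetical, and the access check is reduced to two rules: Business Unit-level read on cases, plus access inherited from the parent account's owner when the reparent cascade is on.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    name: str
    bu: str

@dataclass
class Team:
    name: str
    bu: str
    members: set = field(default_factory=set)

@dataclass
class Account:
    name: str
    owner: Team

@dataclass
class Case:
    title: str
    owner: User
    inherited: list = field(default_factory=list)  # principals granted access via the parent

def create_case(title, owner, account, reparent="cascade_all"):
    """Setting the customer lookup on a case is a reparent event (assumed model)."""
    case = Case(title, owner)
    if reparent == "cascade_all":
        # The parent account's owner (here the owner team) inherits access to the child.
        case.inherited.append(account.owner)
    return case

def can_read_case(user, case):
    # Rule 1: Business Unit-level read, same BU as the case owner.
    if user.bu == case.owner.bu:
        return True
    # Rule 2: inherited access through membership in a team that owns the parent.
    return any(user in team.members for team in case.inherited)

def demo():
    # Constructed sample data mirroring the question: BU A on top, B and C below it.
    bob, carol = User("bob", "B"), User("carol", "C")
    team = Team("Account Owners", "A", {bob, carol})
    account = Account("Sample account", team)
    result = {}
    for mode in ("cascade_all", "cascade_none"):
        case = create_case("Case by bob", bob, account, reparent=mode)
        result[mode] = {u.name: can_read_case(u, case) for u in (bob, carol)}
    return result

if __name__ == "__main__":
    print(demo())
```

With the reparent cascade on, the user in C reads the case only through the owner team, which is why a BU-level role on cases alone does not isolate B from C.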