web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Users had unexpected s...
Customer experience | Sales, Customer Insights,...
Suggested Answer

Users had unexpected security role, removing it resulted in the user being unable to see accounts and contacts

(0) ShareShare
ReportReport
Posted on by Michael.Holder 5

I have a rather bizarre issue that I've run into - about 300 users (out of 1200!) in our instance had a security role that was created to help with the migration into our Dynamics 365 instance. This role was misconfigured and gave those users more access than it should have. These users also had another role that we had assigned that gave them all the access they needed. We then migrated their accounts, contacts, and activities from CRM On-Premise to CRM Online. We had a user accidentally delete a record from the system, so during troubleshooting I found out the misconfigured role and immediately removed it from the system. Upon doing so the users that had this role can no longer see any of their accounts/contacts even if they are the Owner of those records using the default views (My Active Accounts) and (Active Accounts).

If I did an Advanced Find on the Account entity with NO filters - nothing shows up. If I set a filter for 'Owner equals Current User' then records show up. Yet, the default view that has this exact configuration does not show anything, so in this case 'My Active Accounts' should produce results but it doesn't. I checked the view to ensure that it was indeed set up with that specific filter and no other. 

I tried reassigning all records of a certain user to the users Team (since every Business Unit creates a Team automatically, I assigned it to that team for the business unit they were in). At first it seemed to work, I was ecstatic so I tried this with another user.. but it did not work. I went to Advanced Settings -> Security -> Users, found the user, opened their record and selected 'Reassign Records' when doing this.

I checked out Sandbox instance out since it had a recent backport of Production and found the role and checked to see if it was assigned to any teams, it was not. It was just assigned to those users.

I just don't know what could have caused these users to not be able to see their records after removing the role from Production. It shouldn't have affected anything - all of those records are either owned by the user or their Business Unit's team.  

I have the same question (0)
  • David Jennaway Profile Picture
    David Jennaway 14,065 on at

    One possibility is that there is a custom plugin on the RetrieveMultiple message for Accounts, which is applying some additional filtering. You can use the Plugin Registration tool to view the registered plugin steps by message or entity

  • roshpal Profile Picture
    roshpal on at

    To troubleshoot this, you should compare the fetch for both the views. also you can check the fiddler request sent for both working non working and see if there is any difference in the ID of the user which is sent. If you need assistance in doing any of these you can even engage with Microsoft over a support ticket.

  • Michael.Holder Profile Picture
    Michael.Holder 5 on at

    Thanks for this. I'm not seeing anything standing out here, but what I did learn is that if I assign a generic role to the user and remove it - the records show up and the issue is gone. It's so bizarre!

  • Suggested answer
    Michael.Holder Profile Picture
    Michael.Holder 5 on at

    So unless someone else has any ideas the 'fix' that I found was to assign a dummy role named the same (or that's at least how I did it) to the users then remove it. It seems to trigger some background process in Dynamics 365 that refreshes what that user has access to and ultimately restoring visibility. I kind of wish I knew what it was doing so I could script it out. I haven't looked at the XRMToolbox for any plugins for this quite yet.

  • Suggested answer
    roshpal Profile Picture
    roshpal on at

    Since this would need a look at telemetry during the operation. I suggest you log a support request to investigate it.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Tom_Gioielli Profile Picture

Tom_Gioielli 137 Super User 2025 Season 2

#2
#ManoVerse Profile Picture

#ManoVerse 57

#3
Jimmy Passeti Profile Picture

Jimmy Passeti 50 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans