Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Users had unexpected s...
Customer experience | Sales, Customer Insights,...
Suggested answer

Users had unexpected security role, removing it resulted in the user being unable to see accounts and contacts

(0) ShareShare
ReportReport
Posted on by Michael.Holder 5

I have a rather bizarre issue that I've run into - about 300 users (out of 1200!) in our instance had a security role that was created to help with the migration into our Dynamics 365 instance. This role was misconfigured and gave those users more access than it should have. These users also had another role that we had assigned that gave them all the access they needed. We then migrated their accounts, contacts, and activities from CRM On-Premise to CRM Online. We had a user accidentally delete a record from the system, so during troubleshooting I found out the misconfigured role and immediately removed it from the system. Upon doing so the users that had this role can no longer see any of their accounts/contacts even if they are the Owner of those records using the default views (My Active Accounts) and (Active Accounts).

If I did an Advanced Find on the Account entity with NO filters - nothing shows up. If I set a filter for 'Owner equals Current User' then records show up. Yet, the default view that has this exact configuration does not show anything, so in this case 'My Active Accounts' should produce results but it doesn't. I checked the view to ensure that it was indeed set up with that specific filter and no other. 

I tried reassigning all records of a certain user to the users Team (since every Business Unit creates a Team automatically, I assigned it to that team for the business unit they were in). At first it seemed to work, I was ecstatic so I tried this with another user.. but it did not work. I went to Advanced Settings -> Security -> Users, found the user, opened their record and selected 'Reassign Records' when doing this.

I checked out Sandbox instance out since it had a recent backport of Production and found the role and checked to see if it was assigned to any teams, it was not. It was just assigned to those users.

I just don't know what could have caused these users to not be able to see their records after removing the role from Production. It shouldn't have affected anything - all of those records are either owned by the user or their Business Unit's team.  

  • Suggested answer
    roshpal Profile Picture
    roshpal on at
    RE: Users had unexpected security role, removing it resulted in the user being unable to see accounts and contacts

    Since this would need a look at telemetry during the operation. I suggest you log a support request to investigate it.

  • Suggested answer
    Michael.Holder Profile Picture
    Michael.Holder 5 on at
    RE: Users had unexpected security role, removing it resulted in the user being unable to see accounts and contacts

    So unless someone else has any ideas the 'fix' that I found was to assign a dummy role named the same (or that's at least how I did it) to the users then remove it. It seems to trigger some background process in Dynamics 365 that refreshes what that user has access to and ultimately restoring visibility. I kind of wish I knew what it was doing so I could script it out. I haven't looked at the XRMToolbox for any plugins for this quite yet.

  • Michael.Holder Profile Picture
    Michael.Holder 5 on at
    RE: Users had unexpected security role, removing it resulted in the user being unable to see accounts and contacts

    Thanks for this. I'm not seeing anything standing out here, but what I did learn is that if I assign a generic role to the user and remove it - the records show up and the issue is gone. It's so bizarre!

  • roshpal Profile Picture
    roshpal on at
    RE: Users had unexpected security role, removing it resulted in the user being unable to see accounts and contacts

    To troubleshoot this, you should compare the fetch for both the views. also you can check the fiddler request sent for both working non working and see if there is any difference in the ID of the user which is sent. If you need assistance in doing any of these you can even engage with Microsoft over a support ticket.

  • David Jennaway Profile Picture
    David Jennaway 14,065 on at
    RE: Users had unexpected security role, removing it resulted in the user being unable to see accounts and contacts

    One possibility is that there is a custom plugin on the RetrieveMultiple message for Accounts, which is applying some additional filtering. You can use the Plugin Registration tool to view the registered plugin steps by message or entity

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

🌸 Community Spring Festival 2025 Challenge Winners! 🌸

Congratulations to all our community participants!

Adis Hodzic – Community Spotlight

We are honored to recognize Adis Hodzic as our May 2025 Community…

Kudos to the April Top 10 Community Stars!

Thanks for all your good work in the Community!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Daivat Vartak (v-9davar) Profile Picture

Daivat Vartak (v-9d... 225 Super User 2025 Season 1

#2
Muhammad Shahzad Shafique Profile Picture

Muhammad Shahzad Sh... 99

#3
Vahid Ghafarpour Profile Picture

Vahid Ghafarpour 82 Super User 2025 Season 1

Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans