Seeking advice on an unusual security requirement with CRM Case Management.
Accounts and Contacts are visible to all users, via organisation read.
Cases are only visible to the case owner, and anybody added as part of an Access Team Template giving them read-write access.
When emails are sent or received, they are set-regarding to the case they are associated with. Due to the highly sensitive nature of these emails, they should only be readable from the case record, thus limiting access to the case owner and access team that have been assigned.
However, as everybody is permitted to see accounts and contacts and there is a parental relationship on all sub-records, these emails are also showing on the account/contact timeline linked to the case, and when using set-regarding, the email is also linked directly to an account or contact, making the email visible to a wider audience.
We have thought about changing security on the activity’s role to user only, but this is too restrictive for other types of activity records, because it's only emails belonging to cases whose visibility we wish to restrict. Other ideas were to create an additional Business Unit and Team that would maintain ownership of Case-based emails. The thinking is we could intercept the email during set-regarding and change the owner to another team within the alternative business unit, and if possible remove the TO/CC linked accounts and contacts.
So far we've not been able to make this work and limit visibility. Does anybody have any other suggestions or ideas we have missed?
Many thanks