web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Restrict Users from Ed...
Microsoft Dynamics CRM (Archived)

Restrict Users from Editing Other Users Notes

(0) ShareShare
ReportReport
Posted on by CoolShaw 35

Good day,

We've have a security roles defined which should to restrict user's from editing another user's notes. Here is the permission details:

 

We've noticed that this does not work as it allows the user to edit ANY note created by any user even though User access is defined as above. 

We've confirmed that the user does not multiple Security Roles so there is no layering of high permissions... and that they are not apart of any team that has higher permissions. They only have one role with the aforementioned access.

 Is there something distinctly different about the Notes (Annotation) entity where this seems to be allowing user's to write to other user's notes?

 

Any feedback would be greatly appreciated.

*This post is locked for comments

I have the same question (0)
  • Nuno Costa Profile Picture
    Nuno Costa 1,300 on at

    could the user have assigned the note to himself/herself and then edit? could even re-assigned back to the original user? according to the permissions you have this could be a possibility.

  • CoolShaw Profile Picture
    CoolShaw 35 on at

    Nuno,

    No, there was no reassignment of the note. the  note was created.  A new user logged to accessed the note and simply began to edit.  This contradicts what is documented for User access on a privilege.

  • Suggested answer
    KG_CRM Profile Picture
    KG_CRM on at

    I'm doing some similar research at home and come across this thread which explains the issue:  stackoverflow.com/.../crm-2013-having-trouble-setting-edit-permission-for-wall-notes

    In short, it is a cascading privilege thing, and the Notes in question are a child record of a parent record/activity.  Your user likely has business-unit level write privilege to the parent entity type.   You'd have to restrict write capability to the parent record as well as to Notes OR develop a custom plugin like BlueSam did at Stack Overflow.

  • KBak Profile Picture
    KBak 5 on at

    I just faced the same problem and this answer helped me a lot.

    You don't have to modify privileges on the parent entity or develop a custom plugin though.

    What solved my problem was to set the Reparent Action on the relationship behavior to 'Cascade None', as otherwise the owner of the parent record gets the parent entity's access rights to all other users' notes.

    The Reparent Action is documented here:

    docs.microsoft.com/.../entity-relationship-behavior

    You can find an easier to understand example here:

    woodsworkblog.wordpress.com/.../

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans