web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Restrict Users based O...
Microsoft Dynamics CRM (Archived)

Restrict Users based On specific Country/ Territory

(0) ShareShare
ReportReport
Posted on by Community Member
There is a requirement that users in China cannot see user records in their country as well as different country user record. Is my approach the right way to apply the permission on Business unit level. i.e

  • I created two set of Business Units under root BU. 1) China BU and 2) Other BU. Added China users under ChinaBU.
  • Next, I created two custom role (ChinaUsersRole and OtherUsersRole). For users from China I configured Security role salesperson and ChinaUsersRole.
  • Inside the security role ChinaUsersRole, for each of my required entities (leads, contacts, opportunities, accounts, cases etc.) for the Read permission I have given user level privilege.
  • Inside the security role OtherUsersRole, for each of my required entities (leads, contacts, opportunities, accounts, cases etc.) for the Read permission I have given Parent-Child BU previlage.

Does that makes sense or any other approach to be taken into consideration.

*This post is locked for comments

I have the same question (0)
  • Verified answer
    Alex Fun Wei Jie Profile Picture
    Alex Fun Wei Jie 33,626 on at
    RE: Restrict Users based On specific Country/ Territory

    Hi,

    You mentioned that China user cannot see user records under their own country as well.

    isnt user level privilege should be given? If you gave parent child level, users who under "China BU" can see all records owned in the business unit to which the user belongs and to all the child business units subordinate to that business unit.

    You can refer below article for more information.

    crmbook.powerobjects.com/.../

  • Community Member Profile Picture
    Community Member on at
    RE: Restrict Users based On specific Country/ Territory
    Yes you are right. I have updated my question.
  • Verified answer
    Alex Fun Wei Jie Profile Picture
    Alex Fun Wei Jie 33,626 on at
    RE: Restrict Users based On specific Country/ Territory

    Hi,

    FYI. 

    I created two set of Business Units under root BU. 1) China BU and 2) Other BU. Added China users under ChinaBU.

    - yes, this make sense

    Next, I created two custom role (ChinaUsersRole and OtherUsersRole). For users from China I configured Security role salesperson and ChinaUsersRole.

    - To make it easier to maintain, would be good if you can divide the responsibilities into different roles : Eg: China Sales, China Customer Resprensentative, China Marketing as well as for Other BU . But depends on the Business nature.

    Inside the security role ChinaUsersRole, for each of my required entities (leads, contacts, opportunities, accounts, cases etc.) for the Read permission I have given user level privilege.

    - for account and contacts, I assumed user can see all records, Eg: Sales person 1 can make business with Account 1 and Sales person 2 also can make business with Account 1, isnt? But depends on the Business nature. Maybe you can discuss with your client.

    Inside the security role OtherUsersRole, for each of my required entities (leads, contacts, opportunities, accounts, cases etc.) for the Read permission I have given Parent-Child BU previlage.

    - any reasons you gave Parent Child level? The parent business unit of this BU is ?

  • Community Member Profile Picture
    Community Member on at
    RE: Restrict Users based On specific Country/ Territory

    Hi,

    Thank your for detailed response. Please see my following responses in the order of your comments

    1. Ok.
    2. To make it easier to maintain, would be good if you can divide the responsibilities into different roles : Eg: China Sales, China Customer Resprensentative, China Marketing as well as for Other BU . But depends on the Business nature. - This makes sense for me. Anyways will confirm with my client.
    3. Client wants all records created by China Users (irrespective of entities) shouldnot be seen by other users in same country/ different country and vice versa.
    4. Our Business Unit Plan would be as below, but I believe in my case I go with BU level privilege instead of Parent Child BU level privilege.

    • Root BU

    • China BU

    • Other BU

      • US BU

      • UK BU

  • Verified answer
    Alex Fun Wei Jie Profile Picture
    Alex Fun Wei Jie 33,626 on at
    RE: Restrict Users based On specific Country/ Territory

    Hi,

    FYI.

    3. Client wants all records created by China Users (irrespective of entities) shouldnot be seen by other users in same country/ different country and vice versa.

    -  I am afraid in future there is a lots of duplicate data. Maybe you can raise this to your client. ( For account and contact : set to BU level)

    EG: Sales Person 1 and 2 are under China BU

     Sales Person 1 created Account 1,  and make a business with Account 1. Sales Person 2, created Account 1( duplicated account) , and make business with Account 1( duplicated account). So, when comes to reporting, it becomes a mess.

    4. By looking at the hierachcy , I think you can directly create the US BU and UK BU without Other BU. Furthermore, If user under US BU or UK BU, only want to see the records from their own BU, then go for business unit level. 

    2110.Capture1.PNG

  • Community Member Profile Picture
    Community Member on at
    RE: Restrict Users based On specific Country/ Territory

    Hi, 

    3) Can you explain me about your point "on lots of duplicate data" - Do you mean eg: If suppose I need to have Samsung account record, there needs to be two account record Samsung China and Samsung separately. If yes, I agree there might be duplicate data possibility. 

    4) My exact requirement is as below,

    • All users except from China
      • Sales Managers can view/edit their Sales Persons records.
      • Sales Managers can only view other Sales Managers records (except China).
      • Sales Persons can only view other Sales persons record (except China). They cannot even see China user records.

    • For China users
      • China Sales Managers cannot view/edit their country/ other country Sales Persons records.
      • China Sales Managers cannot view/edit their/ other Sales Managers records.
      • China Sales Persons cannot even view other Sales persons record in China or any country.

    Based on this requirement only I have planned my points (as posted in the query)

  • Verified answer
    Alex Fun Wei Jie Profile Picture
    Alex Fun Wei Jie 33,626 on at
    RE: Restrict Users based On specific Country/ Territory

    Hi,

    FYI.

    3.)  Because you configured user level for account and contact ( Read).

    - So when Sales person 1 wanted to make business with Samsung China,  first, he/she created Samsung China as Account.  

    - After that, Sales person 2 wanted to make business with Samsung China, but remember, he/she only has user level on read privilege. He/she cannot see the Samsung China that created by Sales Person 1. So, Sales person 2 will create Samsung China as Account again.

    - In the end, you have two Samsung China records in the system.

    4.) All users except from China ( Sales MAnager)

    - you can create a custom TEAM .

    [View:https://crmbook.powerobjects.com/system-administration/business-administration/teams/:750:50]

    https://community.dynamics.com/crm/f/117/t/204216

    - you also can explore the Hierarchy security functionality

    [View:https://technet.microsoft.com/en-us/library/dn832142.aspx?f=255&MSPPError=-2147217396:750:50]

    Before you going to create one more BU, you can explore above functionalities first. 

  • Community Member Profile Picture
    Community Member on at
    RE: Restrict Users based On specific Country/ Territory

    Hi,

    3) Understood

    4) Let me try to understand concepts of Teams and Hierarchy security and will update with questions if any.

  • Community Member Profile Picture
    Community Member on at
    RE: Restrict Users based On specific Country/ Territory

    Any thoughts on the related query - community.dynamics.com/.../297284

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Abhilash Warrier – Community Spotlight

We are honored to recognize Abhilash Warrier as our Community Spotlight honoree for…

Congratulations to the September Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
Community Member Profile Picture

Community Member 2

#1
UllrSki Profile Picture

UllrSki 2

#1
HR-09070029-0 Profile Picture

HR-09070029-0 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans