Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Best Way to Architect ...
Microsoft Dynamics CRM (Archived)

Best Way to Architect Permissions if most instances of an entity are available to all, but some will require an instance-specific group of users to be able to see it only.

(0) ShareShare
ReportReport
Posted on by ShannonCRM 496

Hello all,

I would like to request some insight in how I could architect the permissions for a very specific situation.  I don't believe this is platform specific, but we are using Dynamics 365 on-premises (8.2).

In general, we have a permissions scheme based on Team ownership of cases, where in general, everyone can see every case because they belong to a team that can, and there are some cases that are specific to military or aerospace that are Protected by virtue of being assigned to a team of people able to see them.

Now in addition to this, a feature request is to allow - in some cases - to be able to set the case as Private and define who can/cannot see the case.  I was thinking of using Access Teams, although I've never used them before. I was envisioning a situation where we could combine the automatic creation of the access team by adding members (like the Created By, etc) - and also allow the user to add more people to the list through the interface.  I am not entirely sure if I understand how they work, despite having read the documentation many times.

Does it sound like something I could do with Access Teams? If not, what other ideas have people implemented to allow for some cases (or opportunities, or whatnot) to be "private" with a very specific group that can see them?  I do not want to use Business Units because the group of people able to see the case will be different for each case.

Thank you,

Shannon

*This post is locked for comments

  • Verified answer
    Wayne Walton Profile Picture
    Wayne Walton 13,726 on at
    RE: Best Way to Architect Permissions if most instances of an entity are available to all, but some will require an instance-specific group of users to be able to see it only.

    One idea, make a business unit for all those special Cases, no matter who should have access.  Make Teams that only have access to records they own in that BU.  Add users that need access to that Case to the Team that owns that Case.  Update your current permissions to restrict all global access to BU-only access instead.

    Then they'll get their stuff in their one BU, and then only the stuff they're a member of a team of in the other BU.  This requires a lot of management overhead, but it's the safest way I can think of to reliably restrict access of certain cases.

  • Verified answer
    ashlega Profile Picture
    ashlega 34,475 on at
    RE: Best Way to Architect Permissions if most instances of an entity are available to all, but some will require an instance-specific group of users to be able to see it only.

    Hi Shannon,

     you can still use business units to separate those "private" records from other records - private records will go to on BU and shared records will go to another. Then you'll need to use access teams to share those private records with whoever you want them to be shared with. It seems you'll have to assign such records to the teams, though.

     As for the users, they could be added to the non-private BU with the permissions to see records in that BU only.

     One caveat is: when setting a case as private (basically, when reassigning to the team in the private BU), you'll need to share it with somebody automatically. This may require a workflow/plugin.

    System access teams are simple - it's "sharing" through a team. However, unlike with regular sharing, you don't have to specify the permissions every time since you have team templates for that. By adding a user to the subgrid, you are granting permissions to the user according to the template.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,280 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,235 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans