Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics SL (Archived) / User vs Group access r...
Microsoft Dynamics SL (Archived)

User vs Group access rights

(2) ShareShare
ReportReport
Posted on by Igor_CF 165

We’re on SL 2011, I’m trying to restrict one user that belongs to a group from updating one of the screens. Here is an example:

The user in question belongs to a group that has V/U/I/D rights to screen 03.270.00. I open Access Right Maintenance screen, choose the user, add screen 03.270.00, check View only and save.

To my understanding, user rights are superior to group rights and in my example user should only be able to view the screen, but should not be able to make changes. How can I achieve my goal without creating a new group?

Thank you.

*This post is locked for comments

  • Brian_IL Profile Picture
    Brian_IL 715 on at
    RE: User vs Group access rights

    Least restrictive access wins, where overlapping access rights to a screen have been granted to a group or to a user.

  • JamesTyree Profile Picture
    JamesTyree 5 on at
    RE: User vs Group access rights

    If there are two groups (G1 and G2) and G1 grants V/U/I/D rights and G2 denies all but V and a user is a member of both groups, how does SL resolve the conflict?  Are the least restrictive or most restrictive rights ultimate granted?

    Thank you,

    James

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: User vs Group access rights

    How refreshing to see a dialog where someone is tactfully corrected, and then humbly accepts said correction, in spite of what prior beliefs/training and intuition might have him believe.  This not only answers a question I had about access rights, but was an added bonus to see people respecting one another to the benefit of all.  

    Well done, and thank you.

  • WaltBlanchard Profile Picture
    WaltBlanchard 480 on at
    RE: User vs Group access rights

    I come out of a SOX controlled environment, we found that, while a maintenance PITA (Pain in the A..), creating a role based access environment was the easiest and most reliable way to control access.

  • Igor_CF Profile Picture
    Igor_CF 165 on at
    RE: User vs Group access rights

    Thank you all!  I thought I was doing something wrong. Yes, it makes sense to me to have user rights overwrite group right or at least to have most restrictive prevail. Many forum posts state it, that’s what got me confused. Had to create a new group.

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: User vs Group access rights

    Wow, I stand corrected on my statement.  I have only been supporting Solomon since 1992 and have always thought that user rights trump group rights.  In fact, I have some original training info that states it this way.  However, seeing Walt's post, I ran a test and, sure enough, he is correct.

    The way I described it working (though incorrect) actually makes more sense in that it provides a way to make a user a member of a group, inherit those rights unless specifically different under that user for certain screens.  Perhaps the SL development team will take this under consideration.

    Sorry Igor about stating something incorrectly.

  • Verified answer
    WaltBlanchard Profile Picture
    WaltBlanchard 480 on at
    RE: User vs Group access rights

    If a group has rights any user in that group has those rights, regardless on what you do in the user screen.  My policy has always been create and assign rights to a group, assign groups to user(s).  In this case, I would create a new group with the rights you want for this user, removed the user from the one group, and place in the new group.

  • Igor_CF Profile Picture
    Igor_CF 165 on at
    RE: User vs Group access rights

    I'm sorry I didn't mentioned in my statement that I tried it and it didn't work. The user was still able to make changes on the screen.

  • Suggested answer
    Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: User vs Group access rights

    You actually answered your own question with one of your statements.  User rights take precedence over group rights so use the access rights screen at the user level and select the user.  Enter the screen ids where you want this user to have lesser rights than the group and set the rights to those screens accordingly for this user.  Any screens not listed under the user will result in that user getting rights at the group level.  Any screens listed for this user will have the rights as specified under that user.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,280 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,235 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans