web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Record Level Security
Microsoft Dynamics CRM (Archived)

Record Level Security

(0) ShareShare
ReportReport
Posted on by dalberto

The use case that I'm currently faced is as follows:

All users should be able to read all accounts, opportunities and leads as well as their associated activities. However, there certain records (either accounts,opps or leads and their associated activities) that need to be restricted to a specific group of users a. The group of users can be different depending on the record. 

Does anyone have any ideas on how to achieve this without adding the overhead if the record doesn't need to be restricted?

I've thought of set the security roles to have user level access and automating the process of adding all the users to the access team if it is flagged as a public record. However, this still leaves all the associated activities exposed to the use of advanced find

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    ashlega Profile Picture
    ashlega 34,477 on at

    Hi David,

      there is no "deny" security role, so this kind of access restriction always creates a problem. One way to do it might be to create two different business units:

    - Regular BU

    - Restricted BU

      You would add all users to the Regular BU default team, and you would give that team read access to all records in that BU. You can, then, assign any regular record to that team. For all other permissions (write, append, etc), you can use access teams or sharing.

      In the restricted BU, you might create a team per record (maybe per set of records, since I'm assuming related leads, accounts, and opportunities will be available to the same users). On top of that, you might create a manual access team per the same set of records and share all those related records with the same manual access team (give "read" permission when sharing). So, giving permissions to the users will be all about adding correct users to that access team. For the write and other permissions, you can either user another manual access team.. or you might add all those "full-access" users directly to the owner team for that set of records.

      In my experience, this may require a lot of coding(plugins and workflows) to automate the process.

      

      

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the March Top 10 Community Leaders

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
JS-09031509-0 Profile Picture

JS-09031509-0 3

#2
AS-17030037-0 Profile Picture

AS-17030037-0 2

#2
Mark Eckert Profile Picture

Mark Eckert 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans