Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Record Level Security
Microsoft Dynamics CRM (Archived)

Record Level Security

(0) ShareShare
ReportReport
Posted on by dalberto

The use case that I'm currently faced is as follows:

All users should be able to read all accounts, opportunities and leads as well as their associated activities. However, there certain records (either accounts,opps or leads and their associated activities) that need to be restricted to a specific group of users a. The group of users can be different depending on the record. 

Does anyone have any ideas on how to achieve this without adding the overhead if the record doesn't need to be restricted?

I've thought of set the security roles to have user level access and automating the process of adding all the users to the access team if it is flagged as a public record. However, this still leaves all the associated activities exposed to the use of advanced find

*This post is locked for comments

  • Suggested answer
    ashlega Profile Picture
    ashlega 34,475 on at
    RE: Record Level Security

    Hi David,

      there is no "deny" security role, so this kind of access restriction always creates a problem. One way to do it might be to create two different business units:

    - Regular BU

    - Restricted BU

      You would add all users to the Regular BU default team, and you would give that team read access to all records in that BU. You can, then, assign any regular record to that team. For all other permissions (write, append, etc), you can use access teams or sharing.

      In the restricted BU, you might create a team per record (maybe per set of records, since I'm assuming related leads, accounts, and opportunities will be available to the same users). On top of that, you might create a manual access team per the same set of records and share all those related records with the same manual access team (give "read" permission when sharing). So, giving permissions to the users will be all about adding correct users to that access team. For the write and other permissions, you can either user another manual access team.. or you might add all those "full-access" users directly to the owner team for that set of records.

      In my experience, this may require a lot of coding(plugins and workflows) to automate the process.

      

      

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,280 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,214 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans