Good morning
I am doing a very rough MVP implementation of D365 Sales and Customer Service (and maybe also Basics of F&O) and I am thinking about how to implement the following business model: say you either sell directly to end-customers, white-label your products for partners or have partners transparently reselling your products. The idea now is that both white-labelling and reselling partners should have access to our D365 instance and maintain their own customer base in our Dynamics - they should only be able to work on and see their own accounts.
Now I am thinking of how to best implement this using as much OOB functionality as possible.
The first idea which comes to mind is to leverage Business Units:
- Each single White-Labelling or Reselling Partner is set up in their own business unit.
- Access would be managed by using the OOB Dataverse Security Concept (Security concepts in Microsoft Dataverse - Power Platform | Microsoft Learn) - basically creating a new team for every partner and assigning the team to the BU
- Since we are talking about external users, the actual access would be managed by assigning an Azure AD security group which would be very lean in terms of access control.
- It would also be possible to establish an "End-Customer" business unit if the business would require to completely shield for example direct-sales from partner-sales
- From a security perspective, this is the cleanest I can imagine
- The biggest drawback I see is scalability: while partners presumably won't go into the hundreds, it could certainly be a few dozen which makes this setup hard to maintain. I also see potential reporting issues arising.
The second would be to use Security Roles, the basic structure of Teams and Hierarchy security - Power Platform | Microsoft Learn:
- Each single White-Labelling or Reselling Partner is set up as their own team
- A security role would be created for them
- Hierarchy security would be activated - specifically the Position Hierarchy Model: this would enable all teams to access data where necessary (e.g. sales and customer service functions) while at the same time "lock in" the employees of the white-label and reselling partners in their own records
- Using the depth-settings, the manager of a white-label/reselling partner could be set up to see only his and his team's accounts
Last but not least, the most basic concepts I can think of are:
- Assigning the customers of partners the Partner Account as a parent
- Or simply use Sales Territories
- While being very easy to set up, these are more Sales focussed and it would have to be thought through more clearly if this would cause troubles down the line, for example in CS or F&O
Any thoughts on my proposals? Did I miss anything or is something conceptually wrong? What would the seasoned Dynamics implementers in this forum recommend?
Thanks
Pete
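
A simplified model of the business-unit option from the post above, added here as an example and not part of the original post: it checks that partner users cannot read accounts owned outside their own business unit, given each user's read depth. The business unit names, users and accounts are constructed, and the model assumes the four Dataverse access depths (User, Business Unit, Parent: Child Business Units, Organization) while ignoring sharing, team membership and hierarchy security.

```python
from dataclasses import dataclass

# Read-privilege depths of a security role (simplified model, see assumptions).
USER, BU, PARENT_CHILD, ORG = "user", "business_unit", "parent_child", "organization"
# Constructed hierarchy: business unit -> parent business unit.
BU_PARENT = {"Root": None, "DirectSales": "Root",
             "PartnerA": "Root", "PartnerB": "Root"}

@dataclass(frozen=True)
class User:
    name: str
    bu: str
    read_depth: str

@dataclass(frozen=True)
class Account:
    name: str
    owner: str     # name of the owning user
    owner_bu: str  # business unit the owner belongs to

def in_subtree(bu, ancestor):
    """True if bu is ancestor itself or sits anywhere below it."""
    while bu is not None:
        if bu == ancestor:
            return True
        bu = BU_PARENT[bu]
    return False

def can_read(user, acct):
    if user.read_depth == ORG:
        return True
    if user.read_depth == PARENT_CHILD:
        return in_subtree(acct.owner_bu, user.bu)
    if user.read_depth == BU:
        return acct.owner_bu == user.bu
    return acct.owner == user.name  # USER depth: own records only

def isolation_violations(users, accounts, partner_bus):
    """(user, account) pairs where a partner user can read outside their own BU."""
    return [(u.name, a.name) for u in users if u.bu in partner_bus
            for a in accounts if a.owner_bu != u.bu and can_read(u, a)]

# Constructed sample data; "carl" carries a role that is too broad for a partner.
USERS = [User("anna", "PartnerA", BU), User("ben", "PartnerB", BU),
         User("carl", "PartnerB", ORG), User("dora", "Root", PARENT_CHILD)]
ACCOUNTS = [Account("Contoso", "anna", "PartnerA"),
            Account("Fabrikam", "ben", "PartnerB"),
            Account("Direct GmbH", "dora", "Root")]
```

Running `isolation_violations` against an export of real role assignments is one way to keep a few dozen partner business units auditable as the setup grows.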