Hello,
My requirement is that any user of a Team should be able to (at a minimum) view the records owned by other members of the same Team. There are many different ways to do this but I was wondering if someone could point me at some best practice to help me select the appropriate one for my instance.
Some options I have considered include:
Any help welcome.
Hello renMike
Sure, here is the link to the documentation - learn.microsoft.com/.../security-roles-privileges detailing the different access levels.
Hi,
Yes you are right, the access level should be 'Local'.
The whole process isn't recorded in a document; maybe you can try to use the data in Power Platform admin center.
Does anyone know if this process is documented by Microsoft anywhere so I can refer to it in my design documentation as 'best practice'?
Sounds good.
So I create a Security Role with permissions to (at a minimum) read from the entities I need members in a BU to be able to read. I assign that Security Role to a Team within the Business Unit (probably the default Team) and that should allow all users in that Business Unit to read all others' records regardless of whether they are owned by an individual user or the Team.
Sounds like what I'm looking for and it avoids Flows which incur additional overhead (processing and maintenance).
Hello renMike
You are correct, the scope should be business unit only for the security role you have configured.
More info can be found here - learn.microsoft.com/.../security-roles-privileges
Hi Eiken,
I may be missing something here but in your example of the Security Role configuration you set each permission to use the 'Organisation' scope. This will meet the requirement of allowing the Users who are granted this role via a Team to see other Team members' records, but won't it also permit them to see all Contact records in other Business Units too? This is less desirable.
Would your recommendation still hold true if the scope applied to the Contact entity were limited to 'Business Unit' only?
Thanks,
renMike
Hi,
The most efficient method is creating a security role and applying it to the Team that contains the users.
Then any user of a Team can view the records about Contact owned by other members of the same Team.
Hi Ren,
The easiest is to create teams, and then assign security roles to each team.
Then if you want to share records automatically between teams, you can create a workflow.
Creating a security role and assigning it to each team that should respect this logic looks like the easiest way to me.