Hello,
My requirement is that any user of a Team should be able to (at a minimum) view the records owned by other members of the same Team. There are many different ways to do this but I was wondering if someone could point me at some best practice to help me select the appropriate one for my instance.
Some options I have considered include:
Any help welcome.
Create a security role and assign it to each team that should respect this logic; that looks like the easiest way to me.
Hi Ren,
The easiest way is to create teams, and then assign security roles to each team.
Then if you want to share records automatically between teams, you can create a workflow.
Hi,
The most efficient method is creating a security role and applying it to the Team that contains the users.
Then any user of a Team can view the records about Contact owned by other members of the same Team.
Hi Eiken,
I may be missing something here but in your example of the Security Role configuration you set each permission to use the 'Organisation' scope. This will meet the requirement of allowing the Users who are granted this role via a Team to see other Team members' records, but won't it also permit them to see all Contact records in other Business Units too? This is less desirable.
Would your recommendation still hold true if the scope applied to the Contact entity were limited to 'Business Unit' only?
Thanks,
renMike
Hello renMike
You are correct, the scope should be business unit only for the security role you have configured.
More info can be found here - learn.microsoft.com/.../security-roles-privileges
Sounds good.
So I create a Security Role with permissions to (at a minimum) read from the entities I need members in a BU to be able to read. I assign that Security Role to a Team within the Business Unit (probably the default Team) and that should allow all users in that Business Unit to read all others' records regardless of whether they are owned by an individual user or the Team.
Sounds like what I'm looking for and it avoids Flows which incur additional overhead (processing and maintenance).
Does anyone know if this process is documented by Microsoft anywhere so I can refer to it in my design documentation as 'best practice'?
Yes you are right, the access level should be 'Local'.
The whole process isn't recorded in a document; maybe you can try to use the data in the Power Platform admin center.
Sure, here is the link to the documentation - learn.microsoft.com/.../security-roles-privileges detailing the different access levels.