Hi,
Thank you for your query.
Power Platform / Dynamics 365, gives you freedom to design your own security model. Because it is highly configurable and granular, things sometimes get confusing.
Let me give you some pointers:
- Business Units are the most important aspects of the security. You can segregate the records between business units, this allows us to control access within and across business Units. Depending on your business, a Business Unit could be a sales territory, or a specific unit of your business. Few examples of Business Units:
The key here is to understand the access can be restricted based on the Business Unit ownership, for example when a Lead is created and the owner's business unit is Retail->Sales, you can make sure users of Corporate -> Sales cannot see this. Or if user is part of North BU, they cannot see the records of South BU, however country head assigned to BU root, can have access to all child BU records.
Draw your chart on paper and run some scenarios, for example, in order to give access to Retail -> Sales users on Retail -> Marketing records, either I have to move the users to Retail BU or give them organization level read access. Scenarios like this will make it easier for you to understand and validate your model.
Once you have you BU setup right, rest is easy.
- Hierarchy: you can implement organizational hierarchy so the mangers have access to records of sub-ordinates.
- Teams: define teams to assign records to all user of a team. This helps to assign records to pool of users or queues. You can also assign roles to a team.
- Security Roles: either use out-f-the-box security roles or copy these to fine tune as per your needs.
- Field Security Profiles: this is to secure fields with sensitive information (like ID Card No).
Here is a basic example for your reference:
MB2-703 – Page 2 – Hosk's Dynamic Blog (wordpress.com)
