2,737
I'm very much clear with user level security(records owner=user).But I'm very much confused when owner is set to team.What if I've records owned by Team and I've a team having users.Considering only Read privilege,how would be the behavior for different access level(none,user,BU,Parent-child,organisation).It's showing me unexpected behavior.
What if I have different BU?
Can anyone share a good link/explain Team level security?
*This post is locked for comments
Rahul,
I try to give you the real practice first.
The team is just a group of the user, just keep in mind here.
So, let's say you are in BU CRM, you own the record, your friend, John, for example, in BU B, you guys are in different ERP, you both have only User Access Level...
So your friend John, cannot see your records. Okay.
Then let's say you and Alan now are in the different BU, but you guys are assigned to the same Project Team, so-called ERP and CRM Implementation Team, with security role = Read in User access level only (remember, nothing change with your security roles), then you create the records, you assign the owner to ERP and CRM Team, so that you AND your friend, John, can READ this record.
Because you are in the same Team, remember the concept team is just a group of users, considering it is like impersonation of the user, so you give the Team User Access Level, a record owned by a Team, you and John are member of the Team, so you and John will become "same" user here because you are grouped by same Team, in fact you and John can see the record.
If you are under the same Team but the record owned by YOU, your Friend John CANNOT SEE the record, UNLESS you SHARE IT OUT.
If you are under the same Team and the record owned by the TEAM, all of the members, including you and John CAN SEE the record.
This is much like a record OWNED by MANY USERS, CRM considering the business going well, a record can be owned by more than one user. This is very good design if you have complex scenario of the ownership and data visibility with minimum data control for individual performance security and privacy needed. Like in the Project, you are individual in ONE Team, you can read the document together, but in fact you are in different BU, CRM and ERP but when it comes to together as part of the Team, you need either Share the document, or make the document as Team's document, not individual document.
This is same as well for other privilege, Create, Edit etc.
If you don't give permission to Edit the record in the team, so the member cannot edit the record, if you give User permission only to the Team, the members can edit because they are considered as Member of team as same user.
Damon and Mahadeo have provided the link that I want to share as well.
Another reference:
blogs.msdn.com/.../using-teams-to-solve-complex-record-sharing-scenarios.aspx
blog.westmonroepartners.com/the-best-way-to-assign-record-ownership-in-dynamics-crm
Hope this helps!
Thanks.
Hi..
Here is some extra information
community.dynamics.com/.../how-security-role-privileges-are-inherited-from-team-to-user.aspx
Hello RahulGupta:
Please check out this link it might answer your question
blog.crmguru.co.uk/.../security-roles-and-teams-in-crm-2011-an-inconvenient-half-truth
#1
André Arnaud de Cal...
293,110
Super User 2025 Season 1
#2
Martin Dráb
231,886
Most Valuable Professional
#3
nmaenpaa
101,156
Moderator
Share
Report
All responses (
Answers (
