Unanswered

Record security at a team level

(0) Share

Report

Posted on by EsoxF

I have customer who has multiple divisions that work on different case types and each division should only see their own cases. I know i could use multiple business units which may not be advisable but is there any other way to get round this. I've tried to add the ownership of cases to individual team at a user CRUD level and this is fine but if a person in the team assigns a case to themselves then the other team members are unable to view this case because the team no longer owns it.

I know i could share cases with the team or indeed use access teams but this seems to be labour intensive with the potential of a very large POA table causing performance issues down the line.

I always though that if you are a member of a team with a role you should be fit to see the cases the team own and also the cases the team members own, but i was wrong 😞

How do you solve this issue ?

Thanks

Categories:

Microsoft Dataverse with Power Apps

I have the same question (0)

All responses (7)

Answers (0)

cchannon 4,702 Moderator on at

Like (0)

Report

Re: Record security at a team level

Yeah, this is a common misconception. Team-assigned roles are not the same thing as BU-assigned (or user-assigned) roles. Here are a couple examples that might help illustrate:

Say you assign a role to a User directly. That user is a member of a BU, so the role is automatically linked and scoped by that BU. If the Role grants Business Unit level Read on your target table, that user can now see ALL rows of that table owned by their BU or anyone in their BU, or any team in their BU.

But now let's say you assign the role to a Team. Well, like the User that Team also has a BU, but that BU is not necessarily the same as the User's BU. This means that if the Role has Business Unit level read, it is referring to the Business Unit the TEAM is a member of, not the User.

That's my first guess for what's causing the behavior you describe, at least.

Was this reply helpful? Yes No
Rutu01 305 on at

Like (1)

Report

Re: Record security at a team level

I have restricted the owner dropdown in my forms to only show teams the user is a part of. So that the user can't change ownership of the record to individual or user owned to avoid the issue you mention. The user can only select any of the teams he is a part of .

In some cases I have also made the owner field read only after say some time has passed since the record was created.

For my use case the information available from the Created By and Modified By , is good for linking it to the user. But the record itself is always owned by a team

Was this reply helpful? Yes No
Shashank Bhide 942 Moderator on at

Like (0)

Report

Re: Record security at a team level

Can you use Case queues? in queues model, the cases are assigned to queues (automatic or manual) and members who work those cases are also members of the queues, when a member "picks" a case, the case's "worked by" filed gets updated with the person who is working the case but that doesn't change the ownership of the case.

Was this reply helpful? Yes No
EsoxF 8 on at

Like (0)

Report

Re: Record security at a team level

@shashankbhide The ownership does change when you pick an item off a queue just for your reference

Was this reply helpful? Yes No
EsoxF 8 on at

Like (0)

Report

Re: Record security at a team level

Thank for you input @cchannon

Was this reply helpful? Yes No
Drew Poggemann 9,287 Most Valuable Professional on at

Like (2)

Report

Re: Record security at a team level

Hi @EsoxF

I would look at Queue management for what you are trying to do here to view the cases etc. You can setup to take ownership of the case (and leave in the queue for others to still view) and you get a lot of out of the box functionality with this method as well. You can even route Cases using routing rules to the specific queues etc.

https://learn.microsoft.com/en-us/dynamics365/customer-service/administer/set-up-queues-manage-activities-cases?tabs=customerserviceadmincenter

https://vrushaliranjalkar.blog/2021/12/28/queues-in-case-management-part-1/

Was this reply helpful? Yes No
cchannon 4,702 Moderator on at

Like (1)

Report

Re: Record security at a team level

You can also use the "Share Records with Original Owner" setting to cause the system to automatically share limited permissions to a record back to format record owners, i.e. the team.

... Although, that is a pretty drastic move, since it impacts all records.

Was this reply helpful? Yes No