Skip to main content

Notifications

Power Apps - Microsoft Dataverse
Unanswered

Record security at a team level

(0) ShareShare
ReportReport
Posted on by 8

I have customer who has multiple divisions that work on different case types and each division should only see their own cases. I know i could use multiple business units which may not be advisable but is there any other way to get round this.  I've tried to add the ownership of cases to individual team at a user CRUD level and this is fine but if a person in the team assigns a case to themselves then the other team members are unable to view this case because the team no longer owns it.

 

I know i could share cases with the team or indeed use access teams but this seems to be labour intensive with the potential of a very large POA table causing performance issues down the line.

 

I always though that if you are a member of a team with a role  you should be fit to see the cases the team own and also the cases the team members own, but i was wrong 😞

 

How do you solve this issue ?

 

Thanks  

Categories:
  • cchannon Profile Picture
    cchannon 4,702 on at
    Re: Record security at a team level

    You can also use the "Share Records with Original Owner" setting to cause the system to automatically share limited permissions to a record back to format record owners, i.e. the team.

     

    ... Although, that is a pretty drastic move, since it impacts all records.

  • Drew Poggemann Profile Picture
    Drew Poggemann 9,273 on at
    Re: Record security at a team level

    Hi @EsoxF 

    I would look at Queue management for what you are trying to do here to view the cases etc.  You can setup to take ownership of the case (and leave in the queue for others to still view) and you get a lot of out of the box functionality with this method as well.  You can even route Cases using routing rules to the specific queues etc.

     

    https://learn.microsoft.com/en-us/dynamics365/customer-service/administer/set-up-queues-manage-activities-cases?tabs=customerserviceadmincenter 

    https://vrushaliranjalkar.blog/2021/12/28/queues-in-case-management-part-1/ 

  • EsoxF Profile Picture
    EsoxF 8 on at
    Re: Record security at a team level

    Thank for you input @cchannon 

  • EsoxF Profile Picture
    EsoxF 8 on at
    Re: Record security at a team level

    @shashankbhide The ownership does change when you pick an item off a queue just for your reference

  • Shashank Bhide Profile Picture
    Shashank Bhide 927 on at
    Re: Record security at a team level

    Can you use Case queues? in queues model, the cases are assigned to queues (automatic or manual) and members who work those cases are also members of the queues, when a member "picks" a case, the case's "worked by" filed gets updated with the person who is working the case but that doesn't change the ownership of the case.

  • Rutu01 Profile Picture
    Rutu01 305 on at
    Re: Record security at a team level

    I have restricted the owner dropdown in my forms to only show teams the user is a part of. So that the user can't change ownership of the record to individual or user owned to avoid the issue you mention. The user can only select any of the teams he is a part of . 

     

    In some cases I have also made the owner field read only  after say some time has passed since the record was created.

     

    For my use case the information available from the Created By and Modified By , is good for linking it to the user. But the record itself is always owned by a team

     

     

  • cchannon Profile Picture
    cchannon 4,702 on at
    Re: Record security at a team level

    Yeah, this is a common misconception. Team-assigned roles are not the same thing as BU-assigned (or user-assigned) roles. Here are a couple examples that might help illustrate:

     

    Say you assign a role to a User directly. That user is a member of a BU, so the role is automatically linked and scoped by that BU. If the Role grants Business Unit level Read on your target table, that user can now see ALL rows of that table owned by their BU or anyone in their BU, or any team in their BU.

    cchannon_0-1709928427787.png

    But now let's say you assign the role to a Team. Well, like the User that Team also has a BU, but that BU is not necessarily the same as the User's BU. This means that if the Role has Business Unit level read, it is referring to the Business Unit the TEAM is a member of, not the User.

    cchannon_2-1709928685135.png

    That's my first guess for what's causing the behavior you describe, at least.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Microsoft Kickstarter Events…

Register for Microsoft Kickstarter Events…

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Announcing Forum Attachment Improvements!

We're excited to announce that attachments for replies in forums and improved…

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 145,304

#2
RandyHayes Profile Picture

RandyHayes 76,287

#3
Pstork1 Profile Picture

Pstork1 64,703

Leaderboard

Featured topics