Sign in
Microsoft.com
 
Microsoft
 
 
 
Microsoft >
Security Issue - User/Team access to unauthorized records after ownership change

Answered Security Issue - User/Team access to unauthorized records after ownership change

  • Tuesday, December 04, 2012 6:32 PM
     
     
    Sign In to Vote
    0

    Hello,

    We are running CRM2011 on premise and want to give access to external users.  We have set up teams and included users in these teams with limited access.  We have set security role key for Entities we wish to show to "User" for both user and Team.  We set Owner to Team, this way they can only see records which their Team is Owner of.

    So when I set Owner of record to team, User can only see record associated to it's Team.  But when I change Owner to an internal User, the External user can still see this record even though its Team is no longer the Owner.

    I have tried clearing cache as well to see if that could be the issue but no luck.

    Any ideas?

    • Edited by JoubinCRM Tuesday, December 04, 2012 6:40 PM made typos
    •  
     

All Replies

  • Tuesday, December 04, 2012 7:21 PM
    Moderator
     
     
    Sign In to Vote
    0

    Have you reviewed the security roles that are assigned to the External User? The external users may have rights to view records that they don't own because of how their security roles are configured.

     
  • Tuesday, December 04, 2012 7:46 PM
     
     
    Sign In to Vote
    0
    Yes and the security roles are set to "User" for that Entity.
     
  • Tuesday, December 04, 2012 7:52 PM
    Moderator
     
     Answered
    Sign In to Vote
    0
    I wonder if the records have been shared back to the original owner (i.e. the team). There is a setting in Systems Settings on the general tab to do with this.
    • Marked As Answer by JoubinCRM Tuesday, December 04, 2012 9:07 PM
    •  
     
  • Tuesday, December 04, 2012 8:12 PM
     
     
    Sign In to Vote
    0
    I found it and it was actually set to be shared.  I changed it to not to be shared but I issue persists.  I cleared my cache to be sure.
     
  • Tuesday, December 04, 2012 8:29 PM
     
     Answered
    Sign In to Vote
    0

    Hi,

    Did you test the issue on data the problem exists before changing the setting or on complete new data - sharings won't be deleted if you change the setting in your system settings!

    Best regards,

    Andreas

    Andreas Buchinger
    Microsoft Dynamics Certified Technology Specialist
    MCPD: SharePoint Developer 2010

    • Marked As Answer by JoubinCRM Tuesday, December 04, 2012 9:07 PM
    •  
     
  • Tuesday, December 04, 2012 9:08 PM
     
     
    Sign In to Vote
    0

    Andreas and Feridun,

    You were both right! First I had to remove sharing from settings and 2nd, this works for all new data going forward.

    Thank you!

     
  • Tuesday, December 04, 2012 9:41 PM
    Moderator
     
     
    Sign In to Vote
    0

    Glad that you got this sorted.

     
  • Thursday, December 06, 2012 2:40 PM
     
     
    Sign In to Vote
    0

    Is there a way to set Shared Reassigned to "No" for all records by manipulating the SQL database? We've set it to No for future records but still need to unshare for past records.

    Thx!

     
  • Thursday, December 06, 2012 4:09 PM
    Moderator
     
     Answered
    Sign In to Vote
    0
    I don't think so. Share Reassigned is a flag that sets whether records are shared after assignment. Once a record is shared the state of Share Reassigned is not relevant. I think you need a bulk unshare utility.
    • Marked As Answer by JoubinCRM Thursday, December 06, 2012 7:35 PM
    •  
     
  • Thursday, December 06, 2012 7:36 PM
     
     
    Sign In to Vote
    0

    Right again;)

    I just used this tool and it works great!

    http://crm2011workflowutils.codeplex.com/

    Thx!