This is not simple to do with the CRM security model. You can achieve it by putting senior management users in a different business unit, granting non-senior management users only business unit level permissions on the activity entity (this includes permissions
on emails), then using logic to share to users (or a team containing all users) all activities except the emails to the senior management group. However, there are some limitations to this approach:
- It requires sharing of a lot of activity records. Each record shared adds an entry to the PrincipalObjectAccess table, and too many records in this table can cause performance problems
- The logic to determine when not to share records can be complicated, especially as it will probably have to check the activity parties on an email
- You may have to adjust your business unit structure to make this work
The simpler option is not to track these emails into CRM in the first place
Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk
