Security Profile RRS feed

  • Question

  • We are looking to separate senior management and other users so if senior management send an email to among the senior management group users in the other users are should not see this communication but senior management can see emails across all users. how can we best implement this.


    Wednesday, December 9, 2015 3:28 PM

All replies

  • This is not simple to do with the CRM security model. You can achieve it by putting senior management users in a different business unit, granting non-senior management users only business unit level permissions on the activity entity (this includes permissions on emails), then using logic to share to users (or a team containing all users) all activities except the emails to the senior management group. However, there are some limitations to this approach:

    • It requires sharing of a lot of activity records. Each record shared adds an entry to the PrincipalObjectAccess table, and too many records in this table can cause performance problems
    • The logic to determine when not to share records can be complicated, especially as it will probably have to check the activity parties on an email
    • You may have to adjust your business unit structure to make this work

    The simpler option is not to track these emails into CRM in the first place

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Wednesday, December 9, 2015 5:26 PM