Ownership team

  • Question

  • Hi,

    we're using teams as owner for objects and I need to know the rules of solving teams regarding access rights.

    A user is a member of a team. The user has server roles and the team has server roles with different accessible entities and different access right levels. When are the privileges based on the server roles of the user relevant, and when the server roles of the teams?

    It would be very helpful to me to know... Thank you in advance,

      Gabriella

    Monday, August 22, 2011 3:05 PM

Answers

  • Hi Gabriella,

    Security Roles, whether given to an Individual or given to a member of a Team are cumulative. This means that no matter what, the highest Privileges given to a user will always trump the lower permissions.

    So, let's say User Ralph Wiggum has a role called Springfield Elementary Students within a BU called Students. This Security Role has User Level Read permissions for Contacts. He can only see records he owns.

    Now, let's say we add him to the CRM Team Springfield Elementary PTA. This team belongs to the PTA BU, with a Role called Parents and Teachers. This Security Role has BU Level Read permissions for Contacts.

    He can now see Contacts he owns as well as those Contacts which have Owners in the PTA BU (as well as Contacts that the Team owns). He will still not be able to see any Contacts in the Students BU that he does not own.

    So if Edna Krabapple owns a record called Chief Wiggum and she belongs to the PTA BU, Ralph will be able to see the Chief Wiggum contact.

    Thus, Teams have the ability to transport system Users to a new BU, that may or may not be directly inherited by the parent BU.

    Does this make sense?


    --Dodd
    • Edited by MDodd73 Monday, August 22, 2011 4:43 PM
    • Marked as answer by Gabriella E Tuesday, August 23, 2011 12:28 PM
    Monday, August 22, 2011 4:36 PM
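
The scenario from the marked answer, as an added sketch (not part of the thread and not the CRM API): each role grant is evaluated relative to the business unit of the principal that holds it, and the user's effective Read access is the union of those grants. Assumptions: only the User and BU access levels are modelled, the class and function names are hypothetical, and the contacts other than Chief Wiggum are constructed sample data.

```python
from dataclasses import dataclass
from enum import IntEnum

class Depth(IntEnum):        # access levels of a privilege, narrowest first
    NONE = 0
    USER = 1                 # records the principal itself owns
    BU = 2                   # records owned inside the principal's business unit

@dataclass(frozen=True)
class Principal:             # a user or a team; each belongs to exactly one BU
    name: str
    bu: str
    read_depth: Depth        # Read depth on Contact from the principal's roles

@dataclass(frozen=True)
class Contact:
    name: str
    owner: str               # name of the owning user or team
    owner_bu: str

def grant_allows(p: Principal, c: Contact) -> bool:
    """One grant, scoped to the BU of the principal that holds the role."""
    if p.read_depth >= Depth.BU and c.owner_bu == p.bu:
        return True
    return p.read_depth >= Depth.USER and c.owner == p.name

def can_read(user: Principal, teams: list, c: Contact) -> bool:
    """Effective access is the union of the user's grant and every team's grant."""
    return any(grant_allows(p, c) for p in [user, *teams])

def audit(user: Principal, teams: list, contacts: list) -> list:
    """Names of contacts the user can read; useful for reviewing a team membership."""
    return sorted(c.name for c in contacts if can_read(user, teams, c))

# Constructed data following the thread's scenario.
ralph = Principal("Ralph Wiggum", "Students", Depth.USER)
pta = Principal("Springfield Elementary PTA", "PTA", Depth.BU)
contacts = [
    Contact("Ralph's own contact", "Ralph Wiggum", "Students"),
    Contact("Chief Wiggum", "Edna Krabapple", "PTA"),
    Contact("PTA team contact", "Springfield Elementary PTA", "PTA"),
    Contact("Other student's contact", "Another Student", "Students"),
]

if __name__ == "__main__":
    print("before joining team:", audit(ralph, [], contacts))
    print("after joining team: ", audit(ralph, [pta], contacts))
```

The team's BU-level grant widens Ralph's view into the PTA BU only; it does not raise his access inside the Students BU, which is why the other student's contact stays hidden.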

All replies

  • The users will inherit all the privileges from any teams they are members of. The final privileges of the user equal the union of the privileges that the user has + all the privileges inherited from teams.

    For example, if a user does not have "write" access on account, but the user belongs to a team that has "write" access on account, then the user will have write access on account.


    Gonzalo | gonzaloruizcrm.blogspot.com

    Monday, August 22, 2011 3:53 PM
    Moderator
  • Hi,

    If you assign security roles to the Teams, then managing the security will be much easier than assigning roles per user. And yes, if the user has been assigned a security role that has Account Share privileges at Organization level and the user's team has been assigned a security role which has Account Share privileges at Business Unit level, then the higher security privileges will always be assigned, and in this case the user will be able to assign the Account to all CRM users.

    I would suggest you have a look at the CRM security model: http://msdn.microsoft.com/en-us/library/gg309524.aspx


    Jehanzeb Javeed

    http://worldofdynamics.blogspot.com
    Linked-In Profile |CodePlex Profile

    If you find this post helpful then please "Vote as Helpful" and "Mark As Answer".
    Monday, August 22, 2011 4:12 PM
  • Hi Guys,

    thanks a lot for your support. It's clear now.

    Have a nice day,

        Gabriella

    Tuesday, August 23, 2011 12:27 PM