locked
Defining Securoty Roles to different system views RRS feed

  • Question

  • Hi,

      I am using CRM 2011 and i havea requirement where a user should have securoty role such that the user should be able to view only accounts that are created by him.I have given the security role of user but the user does not get any system views at all.

    How do i resolve this issue OR how do i define security role such that the user should get a view of only "My Active Acounts".


    Bilal Sayed.
    Tuesday, May 31, 2011 7:46 AM

Answers

All replies

  • The are four levels of security:-

    User

    Business unit

    Parent: Child Business Units

    Organisation

    If you give User level access on Account entity on all operations(like create, write etc) than users will only see their accounts where they are owner.

     


    Regards Faisal
    Tuesday, May 31, 2011 9:41 AM
  • Hi Bilal,

    Dynamics CRM security Roles does not offer view wise security, i would suggest you to perform the following steps for the solution:

    1. In CRM, Go to Settings->Customizations->Customize the System

    2. In left navigation under Entities group, expand Account group node

    3. Click on Views

    4. Select the View which you do not want to appear to users

    5. In toolbar click on More Actions  button and select Deactivate option

    With this solution users should will only get a view "My Active Acounts" instead of all views.


    Thank You,
    Jehanzeb Javeed,
    http://worldofdynamics.blogspot.com
    Linked-In Profile |CodePlex Profile

     
    If you find this post helpful then please "Vote as Helpful" and "Mark As Answer".


    Tuesday, May 31, 2011 12:12 PM
  • Hi Bilal,

     

    You need to give the user a "user" level privilege on  accounts, but still give him organization level access to System Views so he can see all the views. If the user selects a view such as "Active accounts" then he will only be able to see the active accounts that he owns, I believe that's what you need.


    Gonzalo | gonzaloruizcrm.blogspot.com

    Tuesday, May 31, 2011 2:36 PM
    Moderator
  • Hi All,

        Thanks for the reply.

    I also have a scenario where the user can view all of the record that he has created plus he should be able to view all the records of the user of which he is a manager.

    i.e.View Those Recors= User (Owner + Created By Records) + Manger User (Created By + Owner Records).

    How do i resolve this issue.

    Thanks.


    Bilal Sayed.
    Wednesday, June 1, 2011 5:06 AM
  • Hi Bilal,

     

    For that you would need to leave the privilege as "user" depth and implement a plugin that shares the record with the manager each time that the record is created/assigned.

    You would need to use the GrantAccessRequest (http://msdn.microsoft.com/en-us/library/microsoft.crm.sdk.messages.grantaccessrequest) to share with manager.

     

    You can see a sample here: http://dmcrm.blogspot.com/2009/05/sharing-records-automatically.html


    Gonzalo | gonzaloruizcrm.blogspot.com

    • Proposed as answer by Jehanzeb.Javeed Wednesday, June 1, 2011 3:21 PM
    • Marked as answer by Jim Glass Jr Wednesday, June 1, 2011 8:19 PM
    Wednesday, June 1, 2011 12:23 PM
    Moderator
  • Hi Bilal,

    In case of sharing records via plugin please also consider this that when user manager will be changed, his old manager would be still able to see the users records. So on changing manager the plugin should also revoke shared open records readonly access from his oldmanager and grant to the new manager (In plugin you have to query all old sharecords and revoke sharing access).

    You would need to use the RevokeAccessRequest http://msdn.microsoft.com/en-us/library/microsoft.crm.sdk.messages.revokeaccessrequest.aspx to revoke access.

     

    I hope this will be helpful.


    Thank You,
    Jehanzeb Javeed,
    http://worldofdynamics.blogspot.com
    Linked-In Profile |CodePlex Profile

     



    If you find this post helpful then please "Vote as Helpful" and "Mark As Answer".

    Wednesday, June 1, 2011 3:21 PM