Business Unit Security Access RRS feed

  • Question

  • I have created a Child Business Unit that has a Parent Business Unit. The Child Business Unit has a team associated with it. The team has members that are all in the Business Unit.

    I have restricted access in the security role so that Read access on Entity A is set to Business Unit.

    My problem is that when a User from the Busines Unit I have created views the entity they can Read records of people in the Parent Business Unit but I only want them to see records for the Child Business Unit which they are a member of.

    Anyone know how to resolve this?


    Thursday, April 23, 2015 3:04 PM

All replies

  • If the issue is with a user from the child BU seeing records in the parent business unit, it is likely a security role issue and you may wan to check the users' security role. In CRM, if more than one security role is being compared (and in this case there are at least 2, 1 with the team, and the other with the user record) the role with the highest privileges will be taken. Not the most restrictive as some people may think. So my guess is that the user security role has org level read privileges.

    You may also consider checking of there is any sharing being done with the record in the child business unit.  A user could have easily shared a large chunk of records with one or more users in the parent business unit.  If this is the case, you will need to unshared them one at a time which is time consuming.  You may also find a third party tool on Codeplex that will do the unsharing or you may be able to create a console app if you have someone with coding skills.

    If the issue is with user seeing related records to the entity, such as seeing emails (that they shouldn't see) of others related to the an account record  (that they are allowed to see) for example, this could be the result of inheritance.  I have seen this before going back to CRM 4.0.  There is an older document for CRM 4.0 that covers this in depth.  I don't have it on hand, I haven't reviewed it in at least 2 years, and I'm not sure if they have anything updated for the newer versions.  Not sure it this applies, since it sounds like the issue is with lower business units seeing parent BU records.

    Jason Peterson

    Thursday, April 23, 2015 5:25 PM
  • If a user from a Child BU is able to see records from Parent BU, it must be a security role issue. To view the records at BU level he must have BU rights but considering that he is able to see records at Parent Child BU I am assuming that he has privilege for that too.

    You might have to check the privilege on the entity for that security role. It should be BU level and not for Parent Child BU.

    Hope it helps!

    Regards, Abhishek Bakshi If you find this post helpful then please Vote as Helpful and Mark As Answer. Check my blog on https://mydynamicscrmblog.wordpress.com/

    Friday, April 24, 2015 4:06 AM
  • Hi,

    First thing you need to check is :-

    1. Which BU the user belongs to?

    1. The access given to user's security role, Is it BU or parent child BU. ( circle half filled or 3/4 filled).

    2. Also check the role assigned to the team which you have created in the child BU, is it BU or parent child BU.

    3. If the user is part of that team he will get to access all that the team has access to.



    Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question.

    Friday, April 24, 2015 5:45 AM