locked
Custom Security Roles wiping off for a user on changing parent business unit of user's business unit RRS feed

  • Question

  • Hi All,

    I am not sure if its a feature or a bug but I cant seem to understand the logic behind this.

    When a Business Unit's Parent is changed to some other Business unit, then all the users belonging to this child unit will have their custom security roles wiped off. The system security roles are retained.

    Why would this happen?

    Regards,

    Yogesh


    • Edited by CRMYogi Wednesday, February 26, 2014 7:26 PM
    Wednesday, February 26, 2014 7:21 PM

All replies

  • That is a 'feature' of CRM. Security roles when added to crm are added to the root business unit by default and actually replicate down to all child business units. You can add a security role to a specific business unit that isn't the root but I've never come across a project/implementation that does this, there isn't much point.

    If you change the business unit of a user, or as you have found, change the parent business unit of a child business unit that has users, the security roles get removed from the users and must be re-added. I guess the reason is due to the way the security roles 'replicate' from the root down to the child business units, they have unique GUIDS so if a user switches BU or a child BU changes, the security roles previously attached to the user or child BU would no longer be the same records therefore get removed.

    That probably doesn't help you at all, but at least you know the behaviour is what the rest of us experience too!

    Rob


    MCTS. GAP Consulting Ltd. Microsoft Community Contributor Award 2011 & 2013

    Wednesday, February 26, 2014 9:13 PM
    Answerer
  • Thanks Rob for your reply.

    But then why is this behavior only with custom security roles, and not the default security roles? Because even the default security roles are replicated down to child business units, and with different GUIDs like you have mentioned. This tells me that that both custom and default roles should behave in the same manner. But they dont.

    Should we still consider this step-motherly treatment (pun intended) with custom security roles as feature and not bug?

    Regards,

    Yogesh

    Thursday, February 27, 2014 8:51 AM
  • Hi Yogesh,

    Yes. This behaviour with the system and custom security roles is a CRM feature and not a bug.

    Custum security roles has restricted privileges on the entities where as for the system roles, there is no restriction.

    System roles have the same set of privileges for all the Business Units (as they cannot be modified). But if you check with the Custom roles, privileges can be altered for different Business Units.

    Hope this answers your question.

    Vote as Answer if it answers your question.

    Thursday, February 27, 2014 10:54 AM
  • Custum security roles has restricted privileges on the entities where as for the system roles, there is no restriction.

    System roles have the same set of privileges for all the Business Units (as they cannot be modified). But if you check with the Custom roles, privileges can be altered for different Business Units.

    Hi Madhu,

    Thank you for replying.

    Regarding your first input, are these restricted privileges not visible on the UI of security role and not carried over when copied? Because even after creating custom role by copying a system role, and thereby ensuring that all privileges are carried over, still the behavior is same as explained in first post. 

    Secondly you mentioned that privileges for custom roles can be altered across any business unit. This is not entirely correct because custom roles can also only be altered at the unit in which they were created, not in any other. Its just that system roles are created at Root unit by default and so they are open for alteration only in root unit. If you create custom role in the root unit, they too would be available for alteration only in the root unit like system roles.

    Regardless, these two arguments still do not justify to me why only custom security roles should be wiped off and not system roles when business unit structure changes.

    Regards,

    Yogesh

    • Edited by CRMYogi Thursday, February 27, 2014 6:26 PM
    Thursday, February 27, 2014 6:25 PM