locked
Business Unit Hierarchy RRS feed

  • Question

  • Hello, I'm hoping to get some clarification on how business units work and control the sharing of information. Below I tried to include a basic diagram of how it might work. Is there any relationship between the first tier? Would someone assigned to B be able to see information/data from someone assigned to C?

    Here's kind of what I have gathered for someone assigned to B based on security role settings. 

    Business Unit level - can view data from others also assigned to B
    Parent/Child Unit level - would be able to view Organization, B, B1, and B2
    Organization - all data

    So is there any connection to where I could have B and C share data without giving organizational level permissions? Maybe it's obvious and I'm just missing it.

    Thanks for the help!

    -Trevor


    Tuesday, June 4, 2013 4:57 PM

Answers

All replies

  • The main point you have missing is that you completely did not consider the security roles and privileges. If you want to someone in B do not see records of C,D and A you should restrict the read level on that entity to Business unit level. If you want someone in A only could see records on A, A1 and A2 you should grant a read level of child business units on the entity. About data sharing, avoid sharing large amount of data. It could create performance issues. If you feel that you need lots of data sharing it means that you should change your business units structure.


    My Weblog | My Website

    Tuesday, June 4, 2013 5:13 PM
    Moderator
  • Thanks Payman,

    I shouldn't have used the word "share" I suppose as I didn't mean it in the sense the CRM uses it. Rather I meant interact with the data from that business unit. While I may not have addressed the security role in my post I don't think it was relevant one way or the other to my question.

    Say for example, someone in B, C, and D all have an opportunity. B and C should both be able to view and interact with each others data but should not be able to see D. B, C, and D are not parent or child of each other. So giving B and C parent/child business unit permission on the opportunity would not allow them to interact, whether it be read, write, etc with each others opportunities. I would have to give them the organizational level permission on opportunity. Doing that though would then allow B and C to see D's opportunities.

    I'm looking for people across business units (on a horizontal sense) to be able to view each others information without having to allow them to view every ones information. It appears to me that the only way for someone in a business unit that isn't part of a parent/child of another business unit cannot access the data unless they have organizational level permissions. I am still very new to all this so it's very possible I'm understanding this all wrong but I'm just trying to explain it how I currently understand it.

    Thanks,
    Trevor

    Tuesday, June 4, 2013 6:43 PM
  • In addition to the vertical structure (business units), you could use horizontal structures (teams) also. Could you use teams concept? For your example, create a team of B and C users (they are somehow a team, because they work on the same records), and assign the opportunities to that team. The privileges should be at user/ team level. Hence, they could on see their common opportunities, while they could not see the opportunities of D. Could it help you?


    My Weblog | My Website

    Tuesday, June 4, 2013 6:56 PM
    Moderator
  • Trevor, while Business Units only really allow a hierarchical distribution of privileges across units, Teams are a great way to expand the model and allow for exceptions in the hierarchy. In your example, creating a team that's in business unit B and adding the users from C as members + assigning an appropriate security role to the team, you could allow users on the same level of the hierarchy to see data from a selected group of BU's without exposing the whole organization's records to them.

    There's been a couple of great blog articles released recently that provide a detailed explanation of how teams can be used both for manual assignment of security roles as well as programmatically sharing access to records:

    http://customery.com/2013/05/19/using-teams-to-solve-complex-record-sharing-scenarios/

    http://quantusdynamics.blogspot.fi/2013/06/dynamics-crm-2011-data-driven-security.html


    Jukka Niiranen - My blog: Surviving CRM - Follow @jukkan on Twitter

    Tuesday, June 4, 2013 6:57 PM