locked
Report & Security Roles RRS feed

  • Question

  • I have a solution that contains reports and security groups. I want that only the people belonging to a particular security group can see a particular report.

    I understand from other posts that sharing it with the organization basically makes it visible to everybody. I can also share it with individuals but in the solution (and the development machine) I don't know who those users are (which might also change later on). I could create a team but for that I also need to know the administrator and members of the target machine but I don't know them.

    I was thinking of creating a workflow that I run after importing the solution but it does not seem possible to parse the members of a security groups and then share certain reports with the members of that/these security group(s).

    Any input is appreciated.

    Wednesday, September 4, 2013 5:31 AM

Answers

  • Thanks for the reply. My goal was to provide a mechanism inside the solution that allows to easily assign reports to certain groups. Ideally that would be a security group but I could live with a team. The issue is that in my solution I cannot create a team as I also need to define users.

    The idea with limiting reports to certain entities works if only users of a specific security group have access to these entities. The issue is that for instance different groups have access to the Account entity but not all of them should see all reports related to Accounts (in the same sense each security group has their own Account form).

    It looks like the only option I have is include the reports in the solution, then when it has been imported change it from organization to individual and manually share it with individuals or teams that have been created on the target platform.

    Maybe you are correct. But the deployment specific jobs could not completely done through the development phase, as I said before. Because you actually do not know the users, groups,... of the environment you are deploying. Hence, some parts of this job should be done manually in the deployment.


    My Weblog | My Website

    • Marked as answer by hfaun Wednesday, September 4, 2013 8:38 PM
    Wednesday, September 4, 2013 8:22 PM
    Moderator

All replies

  • Hi,

    The question you asked is something in the deployment phase, where you are trying to do it in the development phase. Hence, it should be solved in the deployment phase. However, as you know the privileges in CRM are based on the  ownership. Mean that, you could specify who reads or who writes based on the owner. So, if you want to restrict the reports from being seen by other users, you may create a group and assign the reports to them, and also make the read level on all security roles to user level. I think this could not help you! As a better solution you could hide reports from the reports area, and only allow it to be shown on its own records (for example, in the quotes ribbon). Then, only the users have access to the quotes entity could see and run the report.

    P.S: Have a look the reports category to see if it could help you.



    My Weblog | My Website

    Wednesday, September 4, 2013 6:51 AM
    Moderator
  • Thanks for the reply. My goal was to provide a mechanism inside the solution that allows to easily assign reports to certain groups. Ideally that would be a security group but I could live with a team. The issue is that in my solution I cannot create a team as I also need to define users.

    The idea with limiting reports to certain entities works if only users of a specific security group have access to these entities. The issue is that for instance different groups have access to the Account entity but not all of them should see all reports related to Accounts (in the same sense each security group has their own Account form).

    It looks like the only option I have is include the reports in the solution, then when it has been imported change it from organization to individual and manually share it with individuals or teams that have been created on the target platform.

    Wednesday, September 4, 2013 8:09 PM
  • Thanks for the reply. My goal was to provide a mechanism inside the solution that allows to easily assign reports to certain groups. Ideally that would be a security group but I could live with a team. The issue is that in my solution I cannot create a team as I also need to define users.

    The idea with limiting reports to certain entities works if only users of a specific security group have access to these entities. The issue is that for instance different groups have access to the Account entity but not all of them should see all reports related to Accounts (in the same sense each security group has their own Account form).

    It looks like the only option I have is include the reports in the solution, then when it has been imported change it from organization to individual and manually share it with individuals or teams that have been created on the target platform.

    Maybe you are correct. But the deployment specific jobs could not completely done through the development phase, as I said before. Because you actually do not know the users, groups,... of the environment you are deploying. Hence, some parts of this job should be done manually in the deployment.


    My Weblog | My Website

    • Marked as answer by hfaun Wednesday, September 4, 2013 8:38 PM
    Wednesday, September 4, 2013 8:22 PM
    Moderator
  • I wish MS would allow to assign security roles to views and reports (and therefore in solutions) just as it does allow to assign security roles to different forms of an entity.

    In any case, I am marking this as an answer, i.e. that this is not possible. Thanks.

    Wednesday, September 4, 2013 8:38 PM