Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Account Records Access RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi ,

    I have a following scenario.

    I have main business unit ( BU ) named "B2B" under which i have 2 bu "FR" and "GB"

    I have one account which is owned by user from "GB" bu , and this account has Parent Account which is owned by user from "FR" bu.

    one user from "FR" bu has Read access to Accounts at "Parent - Child business unit" Level. but he can see some accounts from "GB" bu in his active account list. , only account from "GB" bu who has parent account from "FR" bu.

    is this normal ?

    Regards,

    Vilas

    Vilas Magar http://microsoftcrmworld.blogspot.com/

    Wednesday, April 3, 2013 10:27 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    I would say no, but since the accounts the user can see are accounts that are children of accounts he can see, there might be something happening there. The parent-child access rights should grant privileges on BUs directly beneath the one you're assigned to.

    Rickard Norström Developer CRM-Konsulterna
    http://www.crmkonsulterna.se
    Swedish Dynamics CRM Forum: http://www.crmforum.se
    My Blog: http://rickardnorstrom.blogspot.se

    Wednesday, April 3, 2013 11:45 AM
  • Question
    Sign in to vote
    2
    Sign in to vote

    Yes, this is how the CRM default security model behaves, but it's not a very widely known feature. The sharing functionality done through the POA table (PrincipalObjectAccess) is able to cross the BU boundaries and in your case the child records are most likely shared automatically to the owner of the parent record.

    You can read more about the background of it in the following blow post (for 4.0 but works the same way in 2011): http://blogs.msdn.com/b/crminthefield/archive/2010/08/16/excessive-principalobjectaccess-poa-table-growth-in-crm-4-0.aspx

    Basically you would need to change reparent setting of the relationship between the entities (in this case a self-referential relationship for the parent-child account) from Cascade All to Cascade None. This should stop CRM from automatically sharing the child records to the owner of the parent record.

    Jukka Niiranen - My blog: Surviving CRM - Follow @jukkan on Twitter

    Wednesday, April 3, 2013 8:26 PM