locked
MS Dynamics CRM 2011 Granting Record rights for viewing RRS feed

  • Question

  • Hi CRM Support

    I would like to seek your expert advice regarding the custom entity we have made for our required process. 

    We have created custom entity for budget and reimbursement process. Finance users have full access on this entity, while am and ps users should only see the records tagged on their names. On the entity form, we have account manager field for am and product specialist field for ps. If their names are mapped on the fields they should be able to view the records. Now, i would like to know what will be the best way to do the record restriction.. I know sharing is one of the features of dynamics CRM but, i can also see that sharing slows down the performance of the system. 

    Please help on how i am going to do it on a better way aside from sharing the records.

    Thank you for any support and replies.

    Best regards,

    Honey Dulatre

    Thursday, April 23, 2015 12:38 PM

Answers

  • Access to viewing a record is usually done through a security role based on record ownership.  A record can be owned by a single user or a team (depending on your version of CRM.  Prior to CRM 2011 only a user can own a record).

    As a work around, you could try using an On Load JavaScript event that compares the current user with the user names in the custom fields on the form for the ps and am.  If the current user is not in one of the fields or the owner of the record, then hide the specific fields on the form.

    Keep in mind that this will not affect what is seen in a grid view of records for this custom entity.  So if this field is hidden for a user on the form, the user could still get the information from the grid view or even using an advanced find.

    Beyond the above, I'm not sure if you can do anything else unless they are working in teams.  If that's the case, you could potentially use different forms or even field level security to control what fields are viewable to specific teams or users.  Field level security would also prevent someone getting the data from a record through Advanced Find.

    You are correct about a performance impact when sharing records.  Share just a few records isn't a problem.  But once users see this as a simple way to give their coworkers access to records they own, it could spiral out of control with hundreds to thousands of records being shared because they can easily select all the records they own and share then in just a couple clicks.  Unsharing on the other hand requires doing it one at a time unless you can get your hands on a third party tool.


    Jason Peterson

    Thursday, April 23, 2015 6:06 PM

All replies

  • Access to viewing a record is usually done through a security role based on record ownership.  A record can be owned by a single user or a team (depending on your version of CRM.  Prior to CRM 2011 only a user can own a record).

    As a work around, you could try using an On Load JavaScript event that compares the current user with the user names in the custom fields on the form for the ps and am.  If the current user is not in one of the fields or the owner of the record, then hide the specific fields on the form.

    Keep in mind that this will not affect what is seen in a grid view of records for this custom entity.  So if this field is hidden for a user on the form, the user could still get the information from the grid view or even using an advanced find.

    Beyond the above, I'm not sure if you can do anything else unless they are working in teams.  If that's the case, you could potentially use different forms or even field level security to control what fields are viewable to specific teams or users.  Field level security would also prevent someone getting the data from a record through Advanced Find.

    You are correct about a performance impact when sharing records.  Share just a few records isn't a problem.  But once users see this as a simple way to give their coworkers access to records they own, it could spiral out of control with hundreds to thousands of records being shared because they can easily select all the records they own and share then in just a couple clicks.  Unsharing on the other hand requires doing it one at a time unless you can get your hands on a third party tool.


    Jason Peterson

    Thursday, April 23, 2015 6:06 PM
  • thanks for the helpful info Jason.

    Best regards,

    Honey

    Monday, May 18, 2015 6:07 AM