Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Team-Level Security RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Here is our scenario:

    1) There are multiple technicians. Each technician should only see his activities
    2) There is a manager for the technicians who should see all activities of all technicians.
    3) There are multiple sales people. Each sales person should only see his activities
    4) There is one sales manager who should see all activities of all sales people.

    1) and 3) are easy by giving them "User" level access rights. The problem I am running into is with 2) and 4). I can give them "Business Unit" level access. However, now the manager for the technicians sees ALL activities including the ones from the sales team. Is there a way to define access on a "Manager" level, i.e. the manager sees only the records of the users reporting to him but not others?

    Tuesday, October 28, 2014 5:25 PM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    Manager level access as you describe is coming along in CRM2015 and will be referred to as hierarchy security whereby you can either choose to grant access to records down via the 'manager' relationship on users OR using 'positions' which are slightly broader.

    However, back to your problem in CRM2013 (or below)..

    The way to do this is to create a separate business unit for the technicians/technician manager and then one for the sales people/sales manager. As you say, a security role for the sales people and technicians that grants user level privilege, then a 'managerial' security role to grant BU level access.

    So, you'll have 3 business units, the 'root' BU where the system administrator lives, then your 2 new BU's beneath this. Move your users into either the sales or technician BU then give them a suitable security role (switching business units removes all security roles for that user).

    Rob

    MCTS. GAP Consulting Ltd. Microsoft Community Contributor Award 2011 & 2013

    • Proposed as answer by Rob Boyers Tuesday, October 28, 2014 7:52 PM
    • Marked as answer by hfaun Tuesday, October 28, 2014 9:52 PM
    Tuesday, October 28, 2014 7:52 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    Manager level access as you describe is coming along in CRM2015 and will be referred to as hierarchy security whereby you can either choose to grant access to records down via the 'manager' relationship on users OR using 'positions' which are slightly broader.

    However, back to your problem in CRM2013 (or below)..

    The way to do this is to create a separate business unit for the technicians/technician manager and then one for the sales people/sales manager. As you say, a security role for the sales people and technicians that grants user level privilege, then a 'managerial' security role to grant BU level access.

    So, you'll have 3 business units, the 'root' BU where the system administrator lives, then your 2 new BU's beneath this. Move your users into either the sales or technician BU then give them a suitable security role (switching business units removes all security roles for that user).

    Rob

    MCTS. GAP Consulting Ltd. Microsoft Community Contributor Award 2011 & 2013

    • Proposed as answer by Rob Boyers Tuesday, October 28, 2014 7:52 PM
    • Marked as answer by hfaun Tuesday, October 28, 2014 9:52 PM
    Tuesday, October 28, 2014 7:52 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Rob, thanks for the reply. I recall that I had some issues in the past by using different BUs. But that was for dividing company divisions (each with it's own sales team) into BUs. This is a different situation so I think your suggestion might work. I did a quick test with a test user account. I was able to move that user to other BUs and back to the root "BU" again. However, I got the warning "also the current user cannot be moved because this creates authentication issues". Is that something to worry about?

    Btw, do you happen to have any rough idea when CRM2015 on premise will become available? Maybe based on past release dates.

    Tuesday, October 28, 2014 8:52 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Unsure about the error message, were you attempting to move your user who you were logged in as rather than logging in as system administrator to move the user(s)?

    As for CRM2015 there's no official date just 'Q4' this year. We have the second beta available now so if I was gambling, I'd say early to mid-December.

    Rob

    MCTS. GAP Consulting Ltd. Microsoft Community Contributor Award 2011 & 2013

    Tuesday, October 28, 2014 9:35 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Rob, I am logged in as the system administrator and moved another test user. This is actually not really an error but warning in the window that pops up when I click on "Change Business Unit" and where I select the new BU. That sentence is right after the warning that all roles will be removed.

    Q4 THIS year? That's good news!

    Tuesday, October 28, 2014 9:43 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Haven't seen that message, must be new..

    Yes, CRM2015 in time for the year 2015. Unusual I know ;-)

    MCTS. GAP Consulting Ltd. Microsoft Community Contributor Award 2011 & 2013

    Tuesday, October 28, 2014 9:49 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Just as a follow up, I did move multiple people to new BUs today. So far I have not seen any issues with authentication. As mentioned before, there was a warning about authentication issues for the "current user". I start to think that "current user" does not mean the user I selected and that I am in the process of moving to a new BU. Instead, this refers to the user that is currently logged in. In this case I can certainly see that there might be issues, even more so because I was logged in as the administrator.

    Thursday, October 30, 2014 3:39 AM