Microsoft Dynamics CRM provides a comprehensive security model that offers a lot of flexibility. That flexibility can lead to confusion, so serious consideration needs to be given to how the model is implemented to ensure that it meets the requirements.
We recently worked with a customer who was using Microsoft Dynamics CRM Business Units to allow Staff and Managers to access all records within a specific part of the business. However, their structure was more ‘fluid’ than this, as users regularly needed to access records owned by people in different Business Units. Initially they started to use the ‘Share’ functionality, but this soon became unmanageable and did not offer the level of control required.
This posed an interesting question:
What is the best way to provide the required security around Sales Opportunities, whilst having the ability for staff and managers to have ‘stand ins’?
The answer – Teams.
Microsoft Dynamics CRM records can be owned by (assigned to) Users or Teams, with security permissions built around this record ownership. These Users and Teams ultimately belong to Business Units.
For our approach to work, the system had to determine the correct Team to ‘own’ each record. We created a plug-in that implemented a set of business rules to decide the Team (a workflow could work equally well). For example, under different conditions the owning Team of a Sales Opportunity could be set to:
- The Team of the User saving the record;
- The owning Team of the associated Account record.
The ‘Owner’ field on the Sales Opportunity was made read-only to prevent Users from making any manual amendments.
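A read-only form field only constrains the user interface, so the ownership rule is best enforced server-side as well. The plug-in below is an added sketch of the two rules listed above, not the plug-in built for the customer. It assumes a synchronous pre-operation registration on Create of `opportunity`, assumes the "Team of the User saving the record" means the default Team of that User's Business Unit, and the class name is hypothetical.

```csharp
using System;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;

// Assumed registration: message Create, entity opportunity, pre-operation, synchronous.
public class OpportunityTeamOwnerPlugin : IPlugin   // hypothetical class name
{
    public void Execute(IServiceProvider serviceProvider)
    {
        var context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
        if (context.MessageName != "Create" || !context.InputParameters.Contains("Target")) return;
        var target = context.InputParameters["Target"] as Entity;
        if (target == null || target.LogicalName != "opportunity") return;

        var factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
        // Passing null runs the lookups as SYSTEM, so they do not depend on the caller's read privileges.
        var service = factory.CreateOrganizationService(null);

        // context.BusinessUnitId is the Business Unit of the user making the request.
        EntityReference team = TeamOwningAccount(service, target)
                               ?? DefaultTeamOf(service, context.BusinessUnitId);
        if (team == null)
            throw new InvalidPluginExecutionException("No owning Team could be determined for this Opportunity.");

        // Overwrite any owner supplied by the caller, including one sent through the web service.
        target["ownerid"] = team;
    }

    // Rule (assumed condition): the Opportunity has a parent Account that is owned by a Team.
    private static EntityReference TeamOwningAccount(IOrganizationService service, Entity opportunity)
    {
        var account = opportunity.GetAttributeValue<EntityReference>("parentaccountid");
        if (account == null) return null;
        var owner = service.Retrieve("account", account.Id, new ColumnSet("ownerid"))
                           .GetAttributeValue<EntityReference>("ownerid");
        return owner != null && owner.LogicalName == "team" ? owner : null;
    }

    // Fallback rule (assumed): the default Team of the saving User's Business Unit.
    private static EntityReference DefaultTeamOf(IOrganizationService service, Guid businessUnitId)
    {
        var query = new QueryExpression("team") { ColumnSet = new ColumnSet("teamid") };
        query.Criteria.AddCondition("businessunitid", ConditionOperator.Equal, businessUnitId);
        query.Criteria.AddCondition("isdefault", ConditionOperator.Equal, true);
        var teams = service.RetrieveMultiple(query).Entities;
        return teams.Count > 0 ? teams[0].ToEntityReference() : null;
    }
}
```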
Users who require access to the records are added to the Team. A ‘stand in’ could be temporarily added to a Team, whilst a Manager could be added to several Teams.
If an Account needs to be reassigned to a new Team, this can be performed manually via the User Interface. Any Sales Opportunities that are also owned by the same Team can be automatically updated, as long as the relationship between the entities is set to cascading.