Search code examples
dynamics-crmdynamics-crm-2015

Splitting entity access using teams

We got a custom entity "contract" in Dynamics CRM which has "organization" as owner.

Now, we got a flag which splits contracts into different types. We got two teams. Both teams should be able to read all contracts, but only team A should be able to edit contracts of type A and some for contract type b and team B.

Can this be achieved with access teams? Would we write a workflow which ensures that contracts of type A are managed by team A and vice versa?

I am a bit confused by the documentation which lists access teams and automatic access teams using templates.

Which ways does Dynamics offer to solve scenarios like the above mentioned?

Solution

  • I probably wouldn't have used organisation ownership to start with. Because most of the problem is solved by team ownership rather than using this "contact type" field.

    Team A owns contacts type A, Team B owns contracts type B. Then use security roles to allow read of contracts across the entire business unit/organisation, and restricts update rights to only contracts you own.

    Then for the few contracts they both can edit, this does lend towards using access teams. Enable access teams on the entity, allow update rights on the entity for the access team, and add the relevant users to the record they need to be able to edit.

    Note: you can use either an access team as described above, or have them owned by a third team "AB" that all users are a member of. This team would own any of the contracts type B they both need to edit. Both of the above solve the additional problem for you.

    Edit as per comments:

    If you can't change the entity from Organization owned, you have a problem. You can only enable access teams on team/user owned entities. What you'll need to do instead is come up with a manual way to manage this. For example, here's very rudimentary and simplified solution (as I'm aware you've simplified the problem):

    • Create a checkbox on the contract entity called "Allow updates by Team A".
    • Write a plugins to block the updates
    • If Team A try to update Contract Type B and the "Allow Updates by Team A" is false throw an exectpion
    • If Team B try to update Contract Type A throw an exception

    I'm guessing your problem is more complex than this, so you might have to be a bit inventive as to how you manage it. It might be as simple as the checkbox being a drop down. It might even have to be a relationship. You might even have to write your own version of access teams to get over the problem. All I know is it unfortunately looks like it's going to be some custom code for you.