Microsoft is continuously working on providing a richer and more seamless experience for setting up the security model. In Microsoft Dataverse environments, you can now implement the security model with even more ease. You can refer to this doc for more details.
In our previous blog, we explained the enhancements available while setting up the security model in Microsoft Dataverse. At that time, the UI setting for displaying security roles across business units was not available.
There is a setting named “Record ownership across business units (Preview)” in the Power Platform Admin Center, which has been in preview for a long time.
Need:
With this new feature, you can add security roles from other business units to a user besides the user’s standard business unit. The result is that users have privileges from their security roles in their business unit as well as privileges from the other security roles from the other business units.
Configuration:
Sign in to the Power Platform Admin Center, select the Environments tab, and then choose the environment in which you want to enable this feature.
Select Settings > Product > Features > Record ownership across business units (Preview) > Turn on the toggle as shown:
NOTE:
- By default, this feature is disabled and needs to be turned on manually.
This feature changes the way security roles have been managed until now. If you have implemented the “Role-based security model”, you may remember that security roles were created at the root level and were inherited by the child business units.
With this feature, you are now allowed to create a security role at an individual BU as well. You can either create a new role from scratch or copy an existing role in the child BU itself, independent of the parent BU.
Use Case:
Let’s say you have two different business units (BU1, and BU2) with different groups of users.
Let’s say “Paulina” belongs to “BU1” and has BU-level access as shown below. If she needs access to data created in “BU2”, then the possibilities are as follows:
NOTE:
- BU1 and BU2 are child BUs of another BU, “Innosight”, and they are independent of each other.
- If BU1 and BU2 were parent and child of each other, then providing the parent-child BU access level would have provided access across the BUs (through the business unit hierarchy).
There are many ways to achieve this in Dynamics 365, for example record sharing, hierarchy security, business unit hierarchy, and team ownership.
Out of all these possibilities, the new modernized business unit structure brings an enhanced and easier way of doing it.
Before turning on this functionality, if you look at the Manage security roles page, you will see that changing or selecting another BU is not allowed.
Navigate to Environments > Select an appropriate environment > Settings > Users > Select the user > Manage Security roles. On this page you can observe that changing the BU is not allowed:
After turning on this functionality, you have the flexibility to change the BU and can assign the desired security role from the respective BU in the list.
As shown below, we created the “BU2 Salesperson” role under “BU2” and assigned it to “Paulina”.
“Paulina” can now access records from both BU1 and BU2 even though “Paulina” belongs to BU1. This is because we have assigned a security role from BU2 to “Paulina” as well.
Though “Paulina” belongs to BU1, roles from another BU (i.e. BU2) can be assigned. Refer to the screenshot below:
Because “Paulina” has security roles from both BU1 and BU2, she can access data from both BUs, as shown:
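The use case above can be expressed as a small access model, which also shows how to list cross-BU role assignments when reviewing who can reach which business unit's data. This is an added example, not code from the original post or from Microsoft. It is a simplified model covering only the two access levels discussed here; the role name "BU1 Salesperson", the record names and the depth labels are assumptions.

```python
# Simplified model (an assumption, not Dataverse code): a role grants access
# in the business unit that owns the role, at the depth the role defines.
BU_PARENT = {"Innosight": None, "BU1": "Innosight", "BU2": "Innosight"}

# Constructed sample data mirroring the post's use case.
ROLES = {
    "BU1 Salesperson": {"bu": "BU1", "depth": "business_unit"},  # hypothetical
    "BU2 Salesperson": {"bu": "BU2", "depth": "business_unit"},
}
USERS = {"Paulina": {"bu": "BU1", "roles": ["BU1 Salesperson"]}}
RECORDS = {"Account A": "BU1", "Account B": "BU2", "Account C": "Innosight"}

def descendants(bu):
    """Return bu plus every business unit below it in the hierarchy."""
    found, changed = {bu}, True
    while changed:
        changed = False
        for child, parent in BU_PARENT.items():
            if parent in found and child not in found:
                found.add(child)
                changed = True
    return found

def assign_role(user, role, feature_on):
    """Assign a role; a role from another BU needs the toggle turned on."""
    if ROLES[role]["bu"] != USERS[user]["bu"] and not feature_on:
        raise PermissionError("role belongs to another business unit")
    USERS[user]["roles"].append(role)

def visible_records(user):
    """Records owned by a BU that at least one of the user's roles covers."""
    reach = set()
    for name in USERS[user]["roles"]:
        role = ROLES[name]
        if role["depth"] == "parent_child":
            reach |= descendants(role["bu"])
        else:
            reach.add(role["bu"])
    return sorted(rec for rec, owner in RECORDS.items() if owner in reach)

def cross_bu_assignments():
    """Audit helper: (user, role, role BU) for roles outside the user's BU."""
    return sorted((user, name, ROLES[name]["bu"])
                  for user, data in USERS.items() for name in data["roles"]
                  if ROLES[name]["bu"] != data["bu"])
```

Running `cross_bu_assignments()` periodically over an export of user-role assignments gives a quick list of users whose data access extends beyond their own business unit.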
Conclusion
By using this feature, users can easily assign security roles independent of BUs and can access data from other BUs with little effort.