Occasionally I will come across a requirement to allow for some CRM notes to be private and only readable by the person who creates them. In my opinion, this is generally a bad idea.
In CRM 2013 and 2015, the user interface for notes does not allow users to open the note form. They must be interacted with from the social pain (mis-spelling intentional). This interface does not give us access to share, run workflow, or any custom fields on the note record, and therefore limits the typical options that we will use to provide selective security to records.
The bigger issue is that by providing the ability for some notes to be private, it is very common for users to start marking all notes as private. The result will be that CRM will be a less collaborative platform, and what’s the point of putting data in CRM if I’m the only one that can see it?
If you must use private notes, my recommendation is to use a custom entity to hold the private notes, then set the permissions on that entity appropriately. But make sure that you set expectations and train your users that only truly private information should go there, so that the non-private data can still be viewed by all users.
I totally agree with you, but I was involved in many projects where clients needs the ability to make notes private. Lately I was thinking of rather using OneNote with CRM integration and the security will be handled by SharePoint, not an ideal solution, but a easy manageable one.
Alternatively you can also create a preretrievemultiple plugin that will filter records based on security roles, access teams etc. This will also prevent users from finding the private notes in advance find..
Is there a way to restrict Notes so that once a user posts a note, no other users can edit it? It can remain viewable to anyone, but only the creator of the note could actually edit it.
Note is an entity that you can apply permissions to and get the functionality you’re after. In fact, OOB roles like Salesperson already have permissions set up the way you want.