Tip #677: Don’t give users and teams the same role

Consider this scenario:

You create a base role that you assign to your users that contains business unit read access to core entities, and assign this role to all of your users. Good idea! You must have read tip 2.

You then decide to give the same role to a few teams, because the teams could also own some records, and your base role contains the permissions that they need. You then add the user with the base role to the team with the same base role.

The problem is, when a user and team have the exact same security role, unpredictable results can occur. On multiple situations, I have seen the user not see the records owned by the team when he or she has the same security role as the team has.

Solution: create a copy of the base role called “Team base role” and assign this role to the teams.


5 thoughts on “Tip #677: Don’t give users and teams the same role

  1. Interesting. Is this a bugg in CRM or by design do you think? Seems like a bugger to me. No particular reason to have different privileges on the team security role, if I understood this correctly?

  2. Hum… really informative.. tk a lot

  3. João Luis says:

    A curse has been brought upon us!

    I kept the users and their teams with same role for a long time, and then I read this article and thought “well, it never happened to me, that’s strange” and then, boom. A user was not seeing records he just created, I looked everywhere and found nothing, then, the sun shone over me and this article came to my mind, I tested creating a copy of the role and switching it for the teams, and it solved the problem, really strange isn’t it?

  4. Peter Hale says:

    There is a good reason if you want the access given to someone outside the BU but at the same level and you want them to create activities in that BU, the team role needs a yellow half circle and not a yellow piece for activities. I also created a second team in the BU to put external users from other BUs in – easier to control and that team has the special security role for teams – can use this in conjunction with #1067 (https://crmtipoftheday.com/1067/when-two-groups-say-we-want-to-hide-our-stuff-but-see-everyone-elses/)

Leave a Reply

Your email address will not be published. Required fields are marked *