Long time ago Stefan Strube sent me this tip, I filed it away and forgot all about it (sorry, Stefan!). Until last week, that is, when I started new deployment and customer had specific need for couple rollups on account entity. Good news was that those rollups are out of the box: opendeals and openrevenue, […]
Tip #1147: Revisiting Queues and Teams
Almost two years ago I wrote on the merits of using Teams vs Queues for managing Cases. While I stand behind what I wrote (Teams are simpler but Queues are more powerful) another element raised its head recently which is worthy of consideration if you are going down the path of setting up Case management. […]
Tip #1134: Moving Users Between Business Units
As discussed in 917, moving Users between Business Units can be difficult and, as Joel suggested in 935, a good option when setting up a new system is to add a child Business Unit from the outset and add all the Users there. In a recent implementation I did not do this (in my defence, […]
Tip #1128: What role did I used to have?
Say you move a user to a different business unit, but you forget that when you change a user’s business unit, it removes all of the user’s security roles. How do you find what role the user used to have? One answer is audit history. If auditing is enabled for user entity, you will see […]
Tip #1089: User Delete Privileges Stretch Further Than You Think
This one was discovered by my KPMG partners in crime Fiona Whiteing and Jijeesh Kunhiraman on a recent project. As you may know, for a record such as a Contact, if I own the record, I can see the child Activities whether my security role gives me permission or not. I do not know if […]
Tip #1087: Hierarchical Security and Disabled Users
So you want to use hierarchical security to give your sales managers access to their team’s account records. One thing that you should be aware of is how hierarchical security works when users are disabled. If a user becomes disabled, records that he or she owns are not available for hierarchical security. This is a […]
Tip #1086: Bring back content access levels
Dynamics 365 Portals have a very convenient way to control access to knowledgebase articles – content access levels. Link contact, account, or web role to a content access level (e.g. Gold Partners), then simply associate that access level with a knowledgebase article and boom – that article is only available to the users associated with […]
Tip #1083: Don’t expire your passwords
Mini Truckstop Jonas “The Shuffler” Rapp fed us a perfect question for a security slam dunk. Really? (Jonas’s words, not mine) Yes, really. We’ve already mentioned the brilliant password guidance in our tip 1031. Since some folks seem to have missed the memo, here’s the quote from the guidance (highlights are mine – g.d.). Most […]
Tip #1079: Security Design Principles
We have a lot of flexibility when it comes to security in Dynamics 365; field-level, record-level, hierarchy, ad hoc sharing and so on. Sometimes, depending on the requirements, there are a few ways to skin the cat (such a violent expression). Whenever you are presented with a range of options to solve a problem, it […]
Tip #1068: How to Grant Access to Organization Insights
Back in my first TOTD post, I sung the benefits of Organization Insights. It is truly the administrator’s best friend. But what if a non-administrator wants in on the action? It turns out that, by default, the only two Security Roles that can see the Organization Insights dashboard are the System Administrator and System Customizer […]