Tip #1089: User Delete Privileges Stretch Further Than You Think

This one was discovered by my KPMG partners in crime Fiona Whiteing and Jijeesh Kunhiraman on a recent project. As you may know, for a record such as a Contact, if I own the record, I can see the child Activities whether my security role gives me permission or not. I do not know if […]

Tip #1079: Security Design Principles

We have a lot of flexibility when it comes to security in Dynamics 365; field-level, record-level, hierarchy, ad hoc sharing and so on. Sometimes, depending on the requirements, there are a few ways to skin the cat (such a violent expression). Whenever you are presented with a range of options to solve a problem, it […]

Tip #1067: When two groups say “We want to hide our stuff but see everyone else’s”

Generally my policy is unless there is a REALLY good reason, all data in CRM should be shared. However, on rare occasion, there is a REALLY good reason. When you have one special group who want to hide their, say, Activities from everyone else, a well-placed Business Unit will do the job (either have one […]

Tip #969: The problem with sharing

Does Microsoft have guidance about how much sharing is too much? — CRMTOD reader I find it hard to believe we have gone 968 tips without talking about the risks of excessive sharing in Dynamics 365. Few features in CRM parallel sharing on the “this is the best thing ever/this is my worst nightmare” scale. […]