Thursday 11 May 2023

{How to} enable record ownership across Business Units in Microsoft Dataverse

Hello Everyone,


Today i am going to share new feature which allows a user to access another business unit records.



Lets gets started.


Before we dive into the new feature we need to understand about the "Hierarchical data access structure".



Hierarchical data access structure:


when do we use hierarchical structure, when data and user are compartmentalized in a tree like hierarchy.





Suppose we have three business units including a ROOT Business unit at the top.



When we associate a user with this environment, we can set the user to be in one of the three business units and assign a security role from the business unit to the user.




When a user creates a record is determined by the business unit associated user. With the association it allows us to craft the security role which allows the user to see records in the respective business unit.





                                     





User A is associated with Divison A and assigned a security role Y from Division A.  This will allow User A to access the Contact #1 and Contact #2 records. While user B in Division B cannot access Division A's Contact records but can access Contact #3 record.




Matrix data access structure(Modernized Business Units)



Customers can use an organisation structure where data is compartmentalized in a tree like hierarchy.

Users can work and access any business unit's data regardless of what the business unit the user is assigned to.


So when we assign a user with an environment, we can set the user to one of the three units . For each business unit that a user needs to access data, a security role is assigned from that business unit to the user.


When a user creates a record  the user can set the business unit to the own the record.










Here User A  can be associated with any of the business units, Including the root business unit. A security role Y from Division A is assigned to user A which gives the user access to Contact #1 and Contact #2 records.

A security role Y from Division B is assigned to user A which gives the user access to Contact #3 record.




How to enable this feature?

1. Login into  PPAC


2. Select the environment and Click on settings.


3. Then Products > Features



4. Turn on the "Record ownership across Business Units"


So once this feature is turned on, we can select the Business unit when you assign a security role to user. This allows you to assign  security role from different business unit to a user. 

The user requires a security role from the other business unit to be assigned in order to run the Model Driven Apps, with the user settings privileges.


I hope this helps.
Malla Reddy(@UK365GUY)
#365BlogPostsin365Days

No comments:

Post a Comment

Note: only a member of this blog may post a comment.