Customer Engagement & Dynamics CRM Forum

Expand all | Collapse all

How to restrict access to Cases

  • 1.  How to restrict access to Cases

    Posted 22 days ago
    We would like to restrict access to Cases in certain teams (or Business Units BU). The main problem is that people in our organisation might need to have access to multiple teams or BUs. For example we offer our students a counselling service and any interactions they have will us via this service must be kept confidential. Other members of the team may be able to see these interactions but no one else. The problem we face is that some members of this team also work from time to time in the general support area (different team) where all Cases are generally visible to everyone.

    From what I understand once a Case is owned by a person that is where the security model will derive the access controls, there does not appear to be any way to set the security using a persistent team. This means if we need to make someone a member of the support team then everyone in the support team can see all of this person's cases including the Counselling cases.

    Our vendor has suggested they could solve this by creating a custom Case entity but I am not wild about this because we have to rebuild all of Case solutions into this custom entity and every time Microsoft releases anything new for Cases it probably won't be automatically available to the custom case entity.

    Any suggestions would be great.

    Mark

    ------------------------------
    Mark Westerman
    Charles Sturt University
    Thurgoona
    ------------------------------
    Conference-CRMUG_200x200


  • 2.  RE: How to restrict access to Cases

    GOLD CONTRIBUTOR
    Posted 22 days ago
    I'm not sure I quite understand the problem, but if you restrict permissions to "Business Unit" for cases, you can segment them up. Ownership of confidential cases can be assigned to a user or team in a dedicated business unit. To give others access, add them to a team in that business unit. That's generally how you bridge access across Business Units without giving users access to everything.

    Be aware, the activities (like emails) do not follow the same restrictions as cases. So even though users may not be able to see a confidential case, they could access all the emails related to it if they know where to look. Restricting access to activities is problematic as they all share a single set of permissions.

    ------------------------------
    Tom Pickles
    Business Systems Developer
    Visit Scotland
    Edinburgh
    ------------------------------

    Conference-CRMUG_200x200


  • 3.  RE: How to restrict access to Cases

    Posted 17 days ago
    Thanks Tom

    You raise an important issue, it is actually in the message content where all of the confidential information resides so this could be a problem if we cannot restrict it.

    Regards

    Mark

    ------------------------------
    Mark Westerman
    Charles Sturt University
    Thurgoona
    ------------------------------

    Conference-CRMUG_200x200


  • 4.  RE: How to restrict access to Cases

    TOP CONTRIBUTOR
    Posted 22 days ago
    Hi, Mark,

    Just a thought...have you investigated the possibility of using Access Teams?  Here's some info on that:

    https://docs.microsoft.com/en-us/dynamics365/customer-engagement/developer/use-access-teams-owner-teams-collaborate-share-information


    Cheers,
    Phyllis

    ------------------------------
    Phyllis Eriksen
    Dynamics 365 CRM Administrator
    Audimation Services, Inc.
    Houston, TX
    ------------------------------

    Conference-CRMUG_200x200


  • 5.  RE: How to restrict access to Cases

    Posted 17 days ago
    Hi Phyllis

    I did have a bit of a look at Access Teams, I felt this was giving be the opposite of what I wanted. My problem is that D365 will provide more access/visibility to Cases than I want when someone is in multiple Business Units. I will look at it again though.

    Thanks

    Mark

    ------------------------------
    Mark Westerman
    Charles Sturt University
    Thurgoona
    ------------------------------

    Conference-CRMUG_200x200


  • 6.  RE: How to restrict access to Cases

    Posted 22 days ago
    ​Not sure if will help in this case (pun intended :-)), but Microsoft suggested to us in a similar situation to use a Team Template with the Associated Record Team Members feature/view.  This access can be applied across Business Units.  Note that with this feature, Teams can cannot be granted access - only individual users.  But if a minority of the cases are created in the confidential business unit, then this may be manageable.

    If it is better to have all of the Cases in the same BU, another MS suggestion was to create separate Entities that act as the parent to the Case records (for example, a Confidential Cases entity and a separate General Support Cases entity) that both contain a lookup field to the Case entity OR create a child Confidential Case entity that is available as a lookup from the parent Case entity.  In either of these approaches, however, there would need to be 'some' information that would be 'OK' to have available from the Confidential Case entity to all users.  For instance, if it was OK to have the Name, Date, Owner of the Confidential Cases available to everyone, then all other Confidential Cases fields that are NOT OK to share could be placed on the child Confidential Case entity.  Users who do not have access to the Confidential Case entity would be able to see common attributes like the name of the case and when it was created, but NOT the child entity where pertinent secure information is housed.  WFs could assist in automating the handling of these child confidential cases.  For example, the WF could check any time a Case record is created or updated and if that Case record has a value in the Confidential Case lookup field, then move or route certain information from the Case entity to the child Confidential Case entity (note it may be best to create custom Actions to assist here).  Similarly, Business Process flows and Business Rules could apply similar restrictions on forms.

    ------------------------------
    Justin Donohoe
    Technical Architect
    Federal Reserve Bank - FRIT
    ------------------------------

    Conference-CRMUG_200x200


  • 7.  RE: How to restrict access to Cases

    Posted 17 days ago
    Thanks Justin

    I haven't seen the actual solution being proposed by our implementation partners but judging by the discussions I have had with them so far it is sounding like it is along the lines you have described. It sounds awfully convoluted but if this is how Microsoft have have suggested it be solved then we will probably have to go down this track.

    In one of the earlier responses Tom has indicated that activities would still be visible, would that be the case for this solution? It is actually the activities that I most want hidden. You can appreciate if a student is engaging our counselling service they would want anything to be visible to anyone other the intended recipient.

    Regards

    Mark

    ------------------------------
    Mark Westerman
    Charles Sturt University
    Thurgoona
    ------------------------------

    Conference-CRMUG_200x200


  • 8.  RE: How to restrict access to Cases

    Posted 9 days ago
    Hi Mark,

    We raised a similar question, and we did not get a great answer.  Activities such as emails are not easy to keep separate within the same BU without some heavy lifting.​

    If you have separate BUs, then you can keep the activities separate but the associated Contacts are then separated as well.  This can lead to additional duplication management and make things more difficult when these contacts do need to be included in other items or cases.  One area that may help in this scenario is by using Associated Record Team Membership and related Access Teams.  This feature makes it a lot easier to share contacts and cases across BUs as needed and then remove them.

    Regards,
    Justin

    ------------------------------
    Justin Donohoe
    Technical Architect
    Federal Reserve Bank - FRIT
    ------------------------------

    Conference-CRMUG_200x200


If you've found this thread useful, dive deeper into User Group community content by role