Business Units vs Teams in CRM 2011

Asked 16/11, 2011 at 1:47 Answered 9/5, 2014 at 10:54

dynamics-crm dynamics-crm-2011

I've been told a few times that Business Units in CRM 2011 are "tricky" and shouldn't be set up lightly since they have irreversible consequences for a CRM 2011 implementation.

On the other hand, teams in CRM 2011 seem much more flexible in managing record security.

For what reason would I still choose to set up Business Units in CRM 2011? What can I do with Business Units that I can't with Teams (and vice versa)?

Rexanne answered 16/11, 2011 at 1:47 Comment(0)

Business Units are important for the security concept of Dynamics CRM. They define a kind of a boundary within you can define specific roles or permissions. They are also used to represent an organization structure.

Teams are used for ownership of a record (new feature in CRM 2011), which is handy if you can't define a single owner. They are also used for easier sharing - you could share a record with a team, instead of sharing it with multiple persons. Another usage is to grant permissions to multiple users with grouping them into a team and assign a security role to the team.

Percolation answered 16/11, 2011 at 9:57 Comment(2)

Thanks ckeller ... so if I don't need "hard" security partitions but just want the ability to limit access to a handful of records, teams would do what I want? – Rexanne 17/11, 2011 at 6:16

Mostly. Sharing only works if the user has at least "Basic" permissions for the type of access the sharing user is granting to the record. A user who is denied access to edit any Case record won't be able to change a Case shared with him, even if the sharing user allowed it. By contrast, Organization-level access to a record makes sharing the record moot. But, provided the user has permissions of a level anywhere between User and Parent:Child BU, sharing allows access that a user would normally have within their scope to a record lying outside their scope. – Overhappy 5/8, 2013 at 18:18

Create a separate, new Business Unit (BU) at a higher BU level than all of the other User BUs (to avoid security role Parent:Child Business Unit permissions), then create a Team in that Business Unit.
Next, assign a security role to the new Team. Set the security role to be restricted Read at the BU level (half a pie). Then, assign the "special" records to the Team.
Next, put the people who you want to see the records into the Team. They will inherit the Team's security role permissions and will be the only ones in the company that can see those specific records.

You don't necessarily have to assign records to the team if you can just assign them to a user in that BU. However, you may need to assign the records to the Team if you don't have a user in the BU.

**NOTE: Watch out for Parent: Child Business Unit or Organization level permissions. The BU hiearchy would then play a role here. *Be sure to test this before you put this into production**

Pilocarpine answered 8/9, 2012 at 1:4 Comment(0)

Please follow below links which help alot

http://andrewbschultz.com/2011/08/09/business-units-bus-and-security-roles-in-microsoft-dynamics-crm-2011-solution-exports/

http://andrewbschultz.com/2011/06/17/the-architecture-of-team-security-in-crm-2011/

Thanks,

Fabrianne answered 9/5, 2014 at 10:54 Comment(0)

Recommended topics

Hot tags