cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Anonymous
Not applicable

Dataverse Security Business Unit, Team & Ownership

‎05-21-2021 09:03 PM

If an user is part of BU1Team and BU2Team , if he creates a record, then will that data be accessible by exclusive members of both BU1Team and BU2Team?, basically, which business unit would be the owner of the record created by the user.

 

thanks

Labels:
Message 1 of 5
646 Views
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
ChrisPiasecki
Super User
Super User
In response to Anonymous

‎05-22-2021 06:04 AM

Hi @Anonymous,

 

Yes a user can be part of multiple Teams that are in different business units.

 

  1. BU1 owns the record.
  2. BU2Team members will not have access. 
  3. If a user moves business units, the records the user directly owns come with them and are now owned by the new business unit (e.g BU2), but records owned by a team will not be impacted. If the user is deactivated then that means they no longer belong to a business unit and team. Users that have  a security role with only user/team level access will lose access to the deactivated user's records. If they have business unit or organization level access then they should still have access as the owning business unit still remains the same. Having records owned by a Team instead of a user is recommended wherever possible to lessen the impact of a disabled user. 

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

 

View solution in original post

Message 4 of 5
583 Views
4 REPLIES 4
ChrisPiasecki
Super User
Super User

‎05-21-2021 11:20 PM

Hi @Anonymous,

 

Any user or team can only belong to one business unit. It would be the business unit that the record owner (user or team) belongs to that the record would also belong to.

 

Here are a few different possible scenarios. This assumes that the relevant security roles on a specific table are set to "user level access" only.

  • Record owned by BU1Team. Members of BU1Team will have access BU2Team will have no access. 
  • Record owned by a user that belongs to BU1Team. 
    • If Team member privilege inheritance is enabled, then members of the BU1Team will have access. BU2Team will have no access
    • If Team member privilege inheritance is NOT enabled, then only the owning user will have access.

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

 

Message 2 of 5
607 Views
Anonymous
Not applicable
In response to ChrisPiasecki

‎05-22-2021 12:04 AM

Hi @ChrisPiasecki,

 

Thank you for your reply, much appreciated, just a follow on question, 

 

I presume though the user or team can only belong to one business unit, one user can be a member to 2 different teams which are again part of  different business units. In this specific example below, BU1User is part of both BU1Team as well as BU2Team. In this scenario, if BU1User creates a record in an entity (user or team owned),  Q:

1. Which business unit will have ownership of the record?

2. Will the BU2Team members have access to the record

3. What is the impact on the ownership of the record. if the user is moved to a different business unit or completely deactivated.

Please correct me, if my assumption is incorrect , 

raj7474_1-1621666332230.png

 

 

 

 

 

Regards,

Raj

Message 3 of 5
599 Views
0 Kudos
ChrisPiasecki
Super User
Super User
In response to Anonymous

‎05-22-2021 06:04 AM

Hi @Anonymous,

 

Yes a user can be part of multiple Teams that are in different business units.

 

  1. BU1 owns the record.
  2. BU2Team members will not have access. 
  3. If a user moves business units, the records the user directly owns come with them and are now owned by the new business unit (e.g BU2), but records owned by a team will not be impacted. If the user is deactivated then that means they no longer belong to a business unit and team. Users that have  a security role with only user/team level access will lose access to the deactivated user's records. If they have business unit or organization level access then they should still have access as the owning business unit still remains the same. Having records owned by a Team instead of a user is recommended wherever possible to lessen the impact of a disabled user. 

 

---
Please click Accept as Solution if my post answered your question. This will help others find solutions to similar questions. If you like my post and/or find it helpful, please consider giving it a Thumbs Up.

 

Message 4 of 5
584 Views
dpoggemann
Super User
Super User

‎05-22-2021 06:26 AM

Hi @Anonymous,

 

For #2 in my experience it depends on the roles assigned to the Team.  If you have "Deep" or "Local" at (https://docs.microsoft.com/en-us/power-platform/admin/security-roles-privileges) role assigned to the Team in BU2 hen the team members in BU2 will have access to the records based on this security for the Create, Read, Update, Delete, etc. even if owned by the user in BU1.

 

Hope this helps.  Please accept if answers your question or Like if helps in some way.

 

Thanks,


Drew 

Hope this helps. Please accept if answers your question or Like if helps in any way.
Thanks,
Drew
Message 5 of 5
577 Views

Helpful resources

Announcements
Power Apps News & Annoucements carousel

Power Apps News & Announcements

Keep up to date with current events and community announcements in the Power Apps community.

Community Call Conversations

Introducing the Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Apps Community Blog Carousel

Power Apps Community Blog

Check out the latest Community Blog from the community!

View All
Users online (4,212)