The latest update in Dynamics 365 permits record owners to inspect User Access Lists. Access to a given record in Dataverse, a data management tool, is determined through two primary checks: the Privilege Check and the Access Check.
The precondition to complete any action with a record is passing the Privilege Check. This process is in place to ensure that the user holds the necessary privilege for the table in question. If not, they receive an access denied error. For an action to be carried out successfully, a user must either have the privilege directly assigned or be a member of a team with the requisite privilege.
For instance, to create an Account record, the user should have the Create privilege through a security role assigned to them, or the team they are a part of. While designing or modifying a security role, a privilege, alongside an access level, is attributed to the role. This access level is not considered in the privilege check, only in the subsequent access check.
Once the Privilege Check is successfully passed, the Access Check is executed. This verifies whether the user has the rights required to carry out the action they are attempting. A user may hold access rights in four different ways: Ownership, Role access, Shared access, and Hierarchy access.
A user may have access to perform the necessary action through more than one of these at once. Ownership gives access to a record that is owned either personally by the user or by a team to which they belong.
With Role access, what matters is the access level of the privilege held by the role. There are 4 main scenarios relating to the access levels other than User level. They apply different conditions depending on whether the record belongs to the user or to a team the user is part of, whether it belongs to the same business unit as the user or as a team of which the user is a member, and so on.
Shared access grants the user entry to a record without having an explicit role assigned. This can come into effect when a record is shared with a user, team, or organization by a user who has the correct share rights. There are 5 ways a user can have shared access to a record. They include the record or a related record being shared with the user directly, with a team the user belongs to, or with the whole organization.
The last type of access is Hierarchy access, which is reserved for users who are managers. It is only possible if Hierarchy Security management is enabled in that organization and for that table, and certain conditions must be met for a manager to gain access.
Finally, there is an option on the command bar - 'Check Access' through which users can view how they were granted access to the record. They can also see other users who have access to the record and their respective access level. The configuration of this feature is managed via two environment database settings.
User roles and permissions are fundamental features within all data management tools, the notion being that certain records must be restricted to certain users dependent on their positions within the organization or access levels granted. It is essential for security and controlled data access. Configuration of user roles and permissions often involves management approval and is typically flexible to cater to the diverse needs of different organizations. The main objective is to protect data integrity while enabling efficient data access for all users. In this vein, updates such as these from the Dataverse platform continually evolve to provide more security and efficiency to its users.
The latest update from Dynamics 365 introduces a unique feature that allows record owners to view the user access list. This essentially enhances transparency, accountability, and security within the platform. To understand the ins and outs of this feature, there's a little we need to unpack.
The key to understanding this subject revolves around 'action access' in the Dataverse, and the different ways of obtaining this. To execute an action such as creating, reading, writing, deleting, appending, appending to, assigning or sharing a record, two major checks are carried out. These include privilege and access checks.
A privilege check is the preliminary barrier that validates if a user has the required privilege for that table. Every table, whether inbuilt or custom, has varying privileges to facilitate interaction capabilities with the records of that type. Think of it like permissions where specific actions require their corresponding privilege.
To illustrate, for Account, the privileges are: Create, Read, Write, Append, Append To, Assign, Share. All these serve specific functions. Note that for any action to be performed on a record, the user needs either to hold the required privilege directly through an assigned role or to be a member of a team whose security role carries that privilege. If these conditions aren't met, the user is denied access.
On passing the privilege check, the access check is next. Four different ways exist in which a user can have action access in a particular record. These include: Ownership, Role Access, Shared Access, and Hierarchy Access. As though to cover all bases, these are all checked during the access check. It's quite possible that a user can perform the required action on the record in more than one way.
Ownership implies that a user has access to a particular record simply because they own it or they belong to a team that owns the record.
Role Access grants user access to perform an action on a record because of the security roles they hold. Also, this access changes based on different scenarios related to Business Unit-level access privilege, Parent: Child Business Units access privilege or Organization-level access privilege.
Shared Access provides access to a record without any explicit role assigned. This type of access is obtained when a record is shared with a user, team or organization by a user possessing appropriate share rights.
Hierarchy Access is enabled only when Hierarchy Security management is enabled. Hierarchy access is available if the user is a manager and satisfies the necessary conditions.
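The two-stage evaluation described above, modelled as an added example (it is not Dataverse's own code and not from the original article). The names Principal, Record and check are hypothetical; team role privileges are merged into the user's privileges, bu_children maps a business unit to all of its descendants, sharing of related records is not modelled, and the hierarchy conditions the article does not spell out are reduced to "the record owner is a direct report".

```python
from dataclasses import dataclass, field

# Access levels a security role attaches to a privilege, shallow to deep.
USER, BUSINESS_UNIT, PARENT_CHILD, ORGANIZATION = range(4)

@dataclass
class Principal:  # hypothetical model of a user; team roles are merged in
    id: str
    bu: str
    teams: set = field(default_factory=set)         # ids of teams the user is in
    privileges: dict = field(default_factory=dict)  # (table, action) -> access level
    reports: set = field(default_factory=set)       # direct reports (assumed hierarchy rule)

@dataclass
class Record:  # hypothetical model of a Dataverse row
    table: str
    owner: str      # owning user id or team id
    owner_bu: str   # business unit of the owner
    shared_with: set = field(default_factory=set)   # (principal id or "*", action)

def check(user, rec, action, bu_children=None, hierarchy_tables=()):
    """Return every access path granting `action`; [] means the access check failed."""
    key = (rec.table, action)
    # Stage 1, privilege check: holding the privilege at any level is enough.
    if key not in user.privileges:
        raise PermissionError(f"access denied: no {action} privilege on {rec.table}")
    # Stage 2, access check: all paths are evaluated, so several may apply.
    paths, identities = [], {user.id} | user.teams
    if rec.owner in identities:
        paths.append("ownership")
    level = user.privileges[key]
    subtree = {user.bu} | set((bu_children or {}).get(user.bu, ()))
    if (level == ORGANIZATION
            or (level == PARENT_CHILD and rec.owner_bu in subtree)
            or (level == BUSINESS_UNIT and rec.owner_bu == user.bu)):
        paths.append("role")
    if any((p, action) in rec.shared_with for p in identities | {"*"}):
        paths.append("shared")
    if rec.table in hierarchy_tables and rec.owner in user.reports:
        paths.append("hierarchy")
    return paths

if __name__ == "__main__":
    # Constructed sample: Read on account held at User level only.
    ana = Principal("ana", "sales", privileges={("account", "Read"): USER})
    rec = Record("account", owner="bo", owner_bu="sales")
    print(check(ana, rec, "Read"))   # privilege check passes, no access path
    rec.shared_with.add(("ana", "Read"))
    print(check(ana, rec, "Read"))   # now reachable through sharing
```

An empty list is the case worth auditing for: the user holds the privilege, so the first check passes, but no path reaches this particular record.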
Every record displayed in the web client has a 'Check Access' option allowing users to see how they were granted access to the record. Users can also see other users who have access to the record and their respective access level. This fantastic feature requires the enabling of specific settings in the environment database.
All these features and privileges neatly tie into the idea of improving transparency, accountability and security within the application. Microsoft has a host of free and paid resources to learn about these Dynamics features, such as their online tutorials, forums and user guides.
Lastly, keep yourself updated with more such features and tricks on Dynamics' official website, weekly magazines or subscribe to their newsletters for regular updates.