AXForum  
Вернуться   AXForum > Microsoft Dynamics CRM > Dynamics CRM: Blogs
All
Забыли пароль?
Зарегистрироваться Правила Справка Пользователи Сообщения за день Поиск

 
 
Опции темы Поиск в этой теме Опции просмотра
Старый 25.11.2013, 07:12   #1  
Blog bot is offline
Blog bot
Участник
 
25,643 / 848 (80) +++++++
Регистрация: 28.10.2006
Gareth Tucker: CRM 2013 New Features: Access Teams
Источник: http://garethtuckercrm.com/2013/11/2...-access-teams/
==============

The latest release of Microsoft Dynamics CRM comes with a new security model approach for us to consider.  The new “Access Teams” functionality in CRM 2013 suits scenarios where data access rules cannot be easily determined upfront but rather need to be set ‘on the fly’ on a record by record basis.  The common example is where an organization assembles a unique group on individuals for each sales pursuit or to manage each customer.

In this post I will explain the advantages of this new approach over the old approaches we had in CRM 2011 and I will demonstrate how to configure Access Teams.  But first let me show you what this looks like…

Once Access Teams are configured for an entity, you will have a sub-grid on your CRM form from which you can simply pick and choose who to grant access to:



And that’s it, that’s all you need to do as an end user.   Whoever  you select will immediately be granted access to the record and (potentially) to its child records.

How is this achieved?  Well, behind the scenes as soon as you add someone via this sub-grid CRM will create an Access Team, add the user to the Team and then share the record to the Team.  

So there is not a lot of new magic here, this is just Team-sharing automation, now available out of the box.   

Do note though, these new Access Teams are not the same as the traditional Teams we know and love in CRM.  They are stored in the same entity (but CRM views filter them out by default, you have to use Advanced find to see them) but CRM treats them differently to optimize performance.  Traditional record-owning Teams are cached by CRM and when you have users belonging to a large number of Teams you can suffer from performance problems.  These new Access Teams are not cached and that avoids this performance limitation.   However, because behind the scenes this functionality is using Sharing you are vulnerable to the performance issues associated with blowing out the Principal Object Access (POA) table.  Make sure you read this whitepaper a few time.  You also need to consider child records and whether the share will cascade or not (more detail here).  Not cascading will result in records not being visible, cascading will result in more POA records. 



Alternative Approaches

Users can create a Team, add members to the Team and assign the Team as the owner of the record.  Setting this up each time is a clunky user experience.  You lose the distinction of a primary owner and this will result in poor performance once a user belongs to too many teams.  On the plus side there is minimal POA impact.  Do consider though, do you still want a specific individual identified as the Owner of the record (perhaps with additional permissions) or is it ok to just have a Team specified?   You could always put a custom User lookup field on the form if calling out an individual was important.

Alternatively, you could stick with one record owner and have users manually Share to grant permissions out to individuals.  Again the user experience with setting this up each time is clunky and with this approach you can also hit performance problems if dealing with larger volumes due to the number of sharing records generated in the POA table. 



Setting up Access Teams

The configuration experience for Access Teams is a little rough.  There are 3 keys steps:

1. Enable Access Teams on the entity:



2. Configure a Template:



The template is what defines what permissions the Access Team members receive:



3. Add a “Users” sub-grid to the form configured…  just right:



 

Using Multiple Templates

If you would like to use Access Teams but want to say grant some team members full access and others read-only access you can achieve this with multiple templates and multiple sub-grids.

I define a new template:



And then reference it on a second sub-grid:



And that gives me this:



 

Now, if you are trying this out and sub-grid is not behaving itself, perhaps displaying unrelated users that it shouldn’t be try removing the sub-grid, publishing the change and then re-add it, making sure you set the Default View and and Team Template correctly:



I have found that if you set these wrong initially the sub-grid breaks and correcting the values doesn’t solve the problem, you need to recreate the sub-grid.

 

So, is this is a good feature?  Should you use it? 

If you aren’t dealing with large record volumes (e.g. hundreds of thousands or millions of records) then sure, consider it, but test the cascading behavior carefully to make sure team members get all the access to child records you expect.  Look out especially for referential relationships, they may give you grief.  If you are dealing with large record volumes you need to use this approach with caution.  Any large scale use of Teams and/or Sharing leads you into tricky performance territory and this approach doesn’t avoid that.  Microsoft have done their best to mitigate things with this approach but its still vulnerable.  Your life is going to be a lot easier if you can get by with a Business Unit security model.  If it was my choice and I was not influenced by regulatory requirements a Business Units design would always be my approach.  Too often CRM customers have an unjustified need to lock down data access and it just causes unnecessary problems.




Источник: http://garethtuckercrm.com/2013/11/2...-access-teams/
__________________
Расскажите о новых и интересных блогах по Microsoft Dynamics, напишите личное сообщение администратору.
 

Похожие темы
Тема Автор Раздел Ответов Посл. сообщение
crminthefield: Podcast and Overview: Microsoft Dynamics CRM 2011 Update Rollup 15 Blog bot Dynamics CRM: Blogs 1 10.02.2016 10:26
Gareth Tucker: CRM 2013 New Features: Business Process Flows Blog bot Dynamics CRM: Blogs 0 17.10.2013 04:36
crminthefield: Podcast and Overview: Microsoft Dynamics CRM 2011 Update Rollup 14 Blog bot Dynamics CRM: Blogs 0 12.07.2013 07:13
crminthefield: Podcast and Overview: Microsoft Dynamics CRM 2011 Update Rollup 13 Blog bot Dynamics CRM: Blogs 0 27.03.2013 22:12
crminthefield: Podcast and Overview: Microsoft Dynamics CRM 2011 Update Rollup 10 Blog bot Dynamics CRM: Blogs 0 17.08.2012 03:27

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Быстрый переход

Рейтинг@Mail.ru
Часовой пояс GMT +3, время: 00:17.