Thanks for the video; it was really useful. I just wanted to add two points related to this. One is that if you deploy this BR to other environments, the BR would fail to deploy/activate because of invalid reference due to hard coded BU GUIDs in the BR. The other point is that if someone assigns a record manually using the Assign button in the command bar, the record will most likely move out of that business unit and onto the new owner's unit.
Hello - thanks for putting together this video. This was very helpful. Looking at the fields in a Dataverse table i see there is Owning Business Unit, Owning Team, and Owning User. I will also do some research into the Owning Team and Owning User fields to see how they can be used. Any chance you want to make a video on those ....😁
How would this work with Power Pages and the Contact List? I would want users from one client to only see their client records. Some users (internal or consultants) could see more than just the one client's records. Right now I have been trying table permissions per Account but that doesn't allow viewing more than one account at a time. Looks like permissions are linked to a person through Contacts or Accounts.
It should the same. As the permissions I am setting in the video are Dataverse roles and Business units. You might be able to use the sharing feature. For example: restrict all records, than have client records assigned (shared) to the user who owns their contacts. For additional help in your scenario. You can also post in the community forum: powerusers.microsoft.com/t5/Forums/ct-p/mpp_forums
@@flowaltdelete I started with making a Client table that had all the different accounts then an Account1, Account2, Account3 column matrix to build a hierarchy. Then I ended up using the Parent Account column in Account table to set up a hierarchy 3 levels deep. The fun part was hashing out 3 different levels of Account-Table, Account-Parent Account-Table, and Account-Parent Account-Parent Account-Table of account level access for an edit web role. Then all over again for the view web role. Lots of table permissions but I managed to delete that superfluous Client table. Now each Contact will have access to different rows depending on their Account as well as where that Account sits in the Parent Account hierarchy. I can see everything. My consultants can see their stuff and their client's stuff. Clients can see just their stuff. Figured I'd better circle back here.
This was very helpful. I changed a user to a different business unit and updated her security role to Parent Child Business Units level on all my custom tables. She can no longer see the records on the Lookup tables that someone else entered in the Original Business Unit. Can you tell me what I might have done wrong?
If an environment has many business units a user could select one the does not make sense. Using a choice field limits the options. An environment may have 100s of business units that have nothing to do with stores
hi flow alt delete. really appreciate the video! But i ran into a problem that others might have aswell. My problem is that my new users, being added to the business units in the way you've said, cant view the table of interest in dataverse. Instead, an error message appears: 'We couldn't load your data. Please try again later'. What my general background is: - I am an admin in a dataverse development environment. In this environment I created a table in which i need row level security. - i created a new test user, and have just added it to this development environment in hope it will enable the user to see the table. - and i have followed the steps in this video to implement record level security in this table, and have assigned the new test user to a 'child' business unit. I have been stuck on this for ages! Let me know a solution (anyone)
Thanks for the video; it was really useful. I just wanted to add two points related to this. One is that if you deploy this BR to other environments, the BR would fail to deploy/activate because of invalid reference due to hard coded BU GUIDs in the BR. The other point is that if someone assigns a record manually using the Assign button in the command bar, the record will most likely move out of that business unit and onto the new owner's unit.
What would be a soultion to the issue regarding deploying to other environments? is a flow better suited for setting Owner (BU)?
Fantastic demo. MVPs really suck at explaining this concept.. you nailed it.
This Video was very informative. Make more videos on Business Rules and Dataverse Table relationships
Great demo Josh!
Thanks John!
Hello - thanks for putting together this video. This was very helpful. Looking at the fields in a Dataverse table i see there is Owning Business Unit, Owning Team, and Owning User. I will also do some research into the Owning Team and Owning User fields to see how they can be used. Any chance you want to make a video on those ....😁
Thanks for sharing. Maybe expand it to have a global role that will see all the records.
Great idea!
Thank you for this video! Is there a way we can set more than one teams as owning team of the record?
How would this work with Power Pages and the Contact List? I would want users from one client to only see their client records. Some users (internal or consultants) could see more than just the one client's records. Right now I have been trying table permissions per Account but that doesn't allow viewing more than one account at a time. Looks like permissions are linked to a person through Contacts or Accounts.
It should the same. As the permissions I am setting in the video are Dataverse roles and Business units.
You might be able to use the sharing feature. For example: restrict all records, than have client records assigned (shared) to the user who owns their contacts.
For additional help in your scenario. You can also post in the community forum:
powerusers.microsoft.com/t5/Forums/ct-p/mpp_forums
@@flowaltdelete
I started with making a Client table that had all the different accounts then an Account1, Account2, Account3 column matrix to build a hierarchy.
Then I ended up using the Parent Account column in Account table to set up a hierarchy 3 levels deep. The fun part was hashing out 3 different levels of Account-Table, Account-Parent Account-Table, and Account-Parent Account-Parent Account-Table of account level access for an edit web role. Then all over again for the view web role. Lots of table permissions but I managed to delete that superfluous Client table. Now each Contact will have access to different rows depending on their Account as well as where that Account sits in the Parent Account hierarchy.
I can see everything. My consultants can see their stuff and their client's stuff. Clients can see just their stuff.
Figured I'd better circle back here.
This was very helpful. I changed a user to a different business unit and updated her security role to Parent Child Business Units level on all my custom tables. She can no longer see the records on the Lookup tables that someone else entered in the Original Business Unit. Can you tell me what I might have done wrong?
One user can be part of max one BU and not multiple
Why do you use the choice field and not just have the Owning BU field on the form?
If an environment has many business units a user could select one the does not make sense.
Using a choice field limits the options.
An environment may have 100s of business units that have nothing to do with stores
hi flow alt delete. really appreciate the video! But i ran into a problem that others might have aswell.
My problem is that my new users, being added to the business units in the way you've said, cant view the table of interest in dataverse.
Instead, an error message appears: 'We couldn't load your data. Please try again later'.
What my general background is:
- I am an admin in a dataverse development environment. In this environment I created a table in which i need row level security.
- i created a new test user, and have just added it to this development environment in hope it will enable the user to see the table.
- and i have followed the steps in this video to implement record level security in this table, and have assigned the new test user to a 'child' business unit.
I have been stuck on this for ages! Let me know a solution (anyone)