Check access to a Dynamics 365 CRM record using ‘Check Access’ button

By | February 18, 2021

Introduction:

The most common issue that user faces while working on entity records is the access issue. Due to insufficient privilege, user sometimes finds it difficult to work on the records. So, to overcome this and let user themselves know the assigned privileges, Microsoft has added a new button on the records called ‘Check Access’ using which user can easily check out their access to the records. Also, user can get to know how they got those privileges i.e., via security roles, sharing, directly assigned or via team user belongs to.

How it works?

1) Open an Entity record for which you want to check access.

For example: Go to Account entity and open Account record as shown below:

Check access to a Dynamics 365 CRM

2) Click on Check Access button from the command bar.

3) The Check Access dialog box will be displayed with access information. Let’s explore the information that is displayed on the dialog box.

User Lookup:

This lookup field will only be displayed to the users having ‘System Administrator’ security role. Using the user lookup field, user can check the access/rights/privileges of other users.

Access:

User will be able to see and verify that they have required rights to perform an action on the record such as Read, Write, Create, Delete, Append, Append To, Assign and Share.

And by clicking on each action, user can see how respective access has been obtained.

Access via Security role:

  • Assigned Directly:

It shows that the selected record is owned by the logged in user and displays the security role through which user got access of the particular action on the record (i.e., Read, Write, Create, Etc.) and the privilege level (User level, Business Unit level, Organization level, etc.) of the same.

For example: In this case, logged in user is having ‘Salesperson’ security role assigned and has ‘Organization level Read’ Permission of selected record.

  • Assigned to Team I’m member of:

It shows that logged in user is not having direct access of record i.e. via own security role and got access of the particular action on the record (i.e. Read, Write, Create, Etc.) via team user belongs to.

For Example: In this case, logged in user belongs to ‘TEAM’ team having ‘Sales Manager’ security role assigned which contains ‘Business Unit level Create’ Permission of selected record.

Access via sharing record:

If the record is shared with the logged in user, or the team user belongs to or the organization then shared access will be displayed. There are below possibilities of user getting access of records via shared access.

Record Shared with me:

If the checkbox is checked that means the selected record is shared with the logged in user to perform certain action on the record.

Record was shared with me because I have access to related record:

If the checkbox is checked that means logged in user is having access of related record of the selected record which is shared with the user.

For example: Account and Contact are related to each other and if Account record is shared with the current logged in user then on related contact record, this checkbox will be checked.

Record was shared with Organization:

If the checkbox is checked that means the selected record is shared with the organization to perform a set of actions and logged in user got access to record because user is present in the organization.

Record was shared with the team(s) that I’m a member of:

If the access checkbox is checked that means record is shared with the team and current logged in user belongs to the same team.

Record was shared with the team(s) that I’m a member of because team has access to related record:

If the checkbox is checked that means logged in user is having access of related record of the selected record which is shared with the team in which logged in user is present.

For example: Account and Contact are related to each other and if Account record is shared with the team current logged in user belongs to then on related contact record, this checkbox will be checked.

Access via Hierarchy Setting:

The hierarchy access only takes place if Hierarchy Security management is enabled in that organization and for that entity, and if the user is a manager.

Record is owned by direct report:

If the access checkbox is checked that means logged in user is set as manager on the user record who is owner of the selected record.

Record is owned by a team my direct is a member of:

If the access checkbox is checked that means current logged in user is present in the team which is set as the owner of the selected record.

Record was shared to by direct report:

If the access checkbox is checked that means current logged in user is set as manager on the user record with whom the selected record has been shared.

My indirect report has Read access to record:

If the access checkbox is checked that means other users present in the user hierarchy at low level is having Read Access of selected record.

Conclusion:

In this way, ‘Check Access’ button makes much easier for the user to find out the security role involved and how the user got access to the particular record.

Leave a Reply

Your email address will not be published. Required fields are marked *