How to make records private without complex security models

Recently I got a request from a customer where they wanted to achieve the following: - Management should be able to view all records from a specific entity - Users should be able to view all records from a specific entity, but should also be able to ‘hide’ their own records when they are in a sensitive state.

After doing some research I found a great blog post from PowerObjects on this topic, which I used as an inspiration for my own solution.

Requirements for the solution:
- CRM environment that needs the modification
Workflow Essentials from Gap Consulting, or MS CRM Workflow Utilities Solution from CodePlex.
For this blog I am using a custom entity called ‘Visit’, and using the Workflow Essentials component from Gap Consulting. The Workflow Utilities Solution works exactly the same.

Step 1: Set up Security Roles

Since the organization that requested this solution did not have a need for a complex security model. Basically there were just 2 levels: Management and employees.
The security for the Visit-entity has been set up as follows:

So by default, users will only be allowed to view their own records, and management is allowed to view all records.

So by default, users will only be allowed to view their own records, and management is allowed to view all records.

Step 2: Create a field to publish or hide records

For my visit-entity, I’ve created a two-option field called ‘Published’ that determines whether a record should be visitble for the entire organization. The default value of this field is Yes, so if users want to hide a record, they would have to switch this field:

Step 3: Create a workflow to Share / Unshare the record based on this field

Now comes the funky part. Based on the value of the ‘Published’ field, the record needs to be shared with the default team. If the record is not published, it needs to be un-shared.

Set the workflow to trigger on the creation of the record, and on the change of the ‘Published’-field. Set the workflow to run real-time:


First, add the check condition to check for the value of the Published-field. Then, within the check condition, use the Custom Workflow Activity:


Set the properties for this step as follows:

 

Add a conditional branch to Unshare the record if the Published field equals No. Add the custom workflow activity to Unshare the record.
All in all, your workflow should look something like this:

 
Activate the workflow, and we’re all done.

Conclusion

With a combination of standard CRM security roles and a third party solution available in the market, we have been able to create a simple and easy to configure solution to achieve exactly what the customer was looking for!

Happy CRM-ing!

 

 


Terug naar overzicht