D365 – Team Owned Entities

Whilst Dynamics 365 has evolved into an enterprise-grade solution, its Security Model still carries legacy from its earlier days as a CRM designed for SMBs. I refer to the lack of an Out-of-the-Box solution to view records which are owned by Team Members without giving access to an entire (sub)BU.

Dynamics 365 by default offers security on Organization, (Parent/Child) BU and User levels. Even though it is technically possible to have records owned by a Team, there is no default behavior that supports this.


Imagine a User creating an Account. By default, this User will be assigned as the Owner of the Account. Other Users whose role privileges on the Account Entity go no higher than “User” level will not be able to access this Account. Access to the Account can be granted in the following ways:

  • Manually share the Account with User(s) and/or Team(s)
  • Manually reassign ownership of the Account from User to a Team
  • Configure security roles to allow access at least on (Parent/Child) BU or Organizational level

In other words, D365 does not offer an automated and/or consistent way to share records (like Accounts) strictly on Team level. However, it does come with all the ingredients to make this happen, even without the need for custom coding.

Here is how:

Step 1 – Add Field to User Entity
Create a new Business Required Lookup Field called “Default Team” on the User Entity:

Add the Default Team Lookup Field to the User Form:

Step 2 – Add Fields to Account Entity
Create a new Business Required Lookup Field called “Account Manager” on the Account Entity:

Create a new Business Required Lookup Field called “Owning Team (User Specified)” on the Account Entity:

Move the Out-of-the-Box “Owner” Field from the Header to the Body of the Account Form; AND hide it by default:

Add the newly created Fields to the Header of the Account Form:

Step 3 – Create Workflow
Create a Workflow on the Account Entity:

Trigger the workflow when:

  • Record is created
  • Record fields change:
    • Account Manager
    • Owning Team (User Specified)

Details on Step “Throw Error”:

Value: User “{Full Name(Owning User (User))}” is not configured with a Default Team.

Details on Step “Set Account Manager”:

Details on Step “Set Owning Team”:

Details on Step “Assign Record to Owning Team”:

Step 4 – Configure Security Role
Users whose Security Roles are configured with User-level Read access will be able to see the Accounts owned by Team Members:

Post Deployment Activities

  • Assign a Default Team to all Users in the system
  • Assign a Security Role, having Read Privileges on Account, to all Teams
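
The two post-deployment activities can be checked before go-live. The sketch below is an added example, not part of the original configuration: it models the Step 3 workflow and the Step 4 access check offline and reports Users or Teams that would break the setup. The data is constructed, the dictionary keys are hypothetical (not D365 schema names), and the defaulting rules for Account Manager and Owning Team are assumptions, as is ignoring manual sharing and BU-level or higher privileges.

```python
# Added example: offline model of the Step 3 workflow and Step 4 access check.
# All data is constructed; dictionary keys are hypothetical, not D365 schema names.
USERS = {
    "alice": {"default_team": "Sales North", "teams": {"Sales North"}},
    "bob":   {"default_team": None,          "teams": {"Sales South"}},
    "carol": {"default_team": "Sales South", "teams": {"Sales North"}},
    "dave":  {"default_team": "Sales South", "teams": {"Sales South"}},
}
# Whether each Team holds a Security Role with Read on Account.
TEAM_HAS_ACCOUNT_READ = {"Sales North": True, "Sales South": False}


def run_workflow(creator, account_manager=None, owning_team=None):
    """Model the four workflow steps; the defaulting rules are assumptions."""
    default_team = USERS[creator]["default_team"]
    if default_team is None:  # Step "Throw Error"
        raise ValueError(f'User "{creator}" is not configured with a Default Team.')
    return {
        "account_manager": account_manager or creator,  # "Set Account Manager"
        "owner": owning_team or default_team,           # "Set Owning Team" + assign
    }


def can_read(user, account):
    """Simplified User-level Read: the user must be a member of the owning
    Team and that Team must carry a role with Read on Account."""
    team = account["owner"]
    return team in USERS[user]["teams"] and TEAM_HAS_ACCOUNT_READ.get(team, False)


def audit():
    """Findings for the two post-deployment activities, plus the lock-out case."""
    findings = []
    for name, user in sorted(USERS.items()):
        team = user["default_team"]
        if team is None:
            findings.append(f"{name}: no Default Team, 'Throw Error' step fires")
        elif team not in user["teams"]:
            findings.append(f"{name}: not a member of own Default Team")
    for team, has_read in sorted(TEAM_HAS_ACCOUNT_READ.items()):
        if not has_read:
            findings.append(f"{team}: no Security Role with Read on Account")
    return findings


if __name__ == "__main__":
    print("\n".join(audit()))
```

The "not a member of own Default Team" finding is the case to watch: in this model, once the Account is assigned to that Team, the User who created it can no longer read it.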
