This is the third in a series of posts on the best way to assign record ownership in Dynamics CRM. Part 1 looked at the pros and cons of the System User Ownership model, while part 2 examined the Team Ownership approach. In this final post, we’ll look at a Hybrid/Merged Model approach.
The Hybrid/Merged Model Approach to Record Ownership
Between two absolutes, there is always a happy medium, such as the multiple shades of grey merged by black and white. With Business Units or Teams, there is the approach of Business Units AND Teams for those who want to use a mixed model and reap the benefits of both options. Let’s take a look at what this would look like.
Your company has a classic divisional structure that is reflected as CRM business units in your deployment, with separate business units for finance, human resources, sales, and other various divisions. The employees for each division are added as users to the corresponding CRM business unit. Security roles are applied to users of the system to manage their permissions to records.
To complicate things a bit, let’s assume there is a need for a cross-team project requiring a look at various records across multiple business units. This project team has a fixed duration, say six months, after which the team will be deactivated.
As you would guess, the project team would be set up as a team, and its members would consist of users across multiple business units. The team would have one or more security roles associated, depending on the level of access that team members need, and perhaps even new custom roles created just for this team.
What Works In This Method:
- Flexible Permission Model: Assigning records to users and sharing with teams, or vice versa, gives you multiple ways to expose a record to someone, provided they have the appropriate permissions.
- Teams Support Business Units: By providing user information and keeping it in sync with your management hierarchy, you can maintain escalation paths by using the team owner as a starting point.
- Exception Management: Teams created for special permissions can make access to records easier. Trying to remember why the corporate audit team has permissions to a record is easier than remembering why Tom has access (or even who Tom is).
What Doesn’t Work In This Method:
- Obfuscated Security: Since teams can be assigned roles and own records, there is an additional layer of drill-down required to see who has specific access to a record.
- Team Accountability: Out-of-box teams have a glaring hole regarding team member roles. A quick customization can fix this, but this requires expertise. Connections provide a gap to this, but it’s another place to look for information.
- Customized “My Views”: Default entity views for My Items require a system customizer to modify the view to include items owned by the user’s team. It’s an easy change to make, but needs to be modified in a number of views, including new entities created in the future.
Some Final Thoughts On Which Option May Be Right For You
Teams have definitely made it easier to administer users and record permissions in Dynamics CRM 2011. Teams make it easier to make records available to multiple people in one swipe, and with a little customization to the team entity, you can dramatically improve the self-management and self-documentation for record ownership. In existing deployments, Teams extends the knowledge transfer while preserving the structure already in place. For functionally organized companies where a more open data sharing policy is in place, teams promotes the sharing of information with minimal security administration.
However, if your company’s primary success criteria is data security, system user ownership would be a better approach for you. Data security requires knowing who has access to information, and it is far easier to achieve this goal with system user ownership and security roles due to less obfuscation of permissions.