Microsoft CRM has a security model feature which is not well documented but can be of use when designing the security for your CRM implementation. The concept is that with CRM configured a certain way you can ensure that child records created in CRM are automatically shared to the owner of the parent record. A common place you might want to do this is with customer records (Contacts and Accounts) – where you might like any child records added to these records by other users to be always visible to the owner of that Customer record. CRM utilizes Shares for this but these are hidden shares that you will not see in the CRM UI. They do exist in the PrincipalObjectAccess (POA) table though. Because Sharing is used, users are able to see records above and beyond what their security role permits. i.e. A user’s security role may grant them…
View original post 774 more words
Sreeni Pavalla's Blog 