The behavior explained in this blog has changed a little with introduction of new Azure AD Group teams in Dynamics 365 April 2019 release. To know more about it, click here.
Recently I was conducting a training in Dynamics 365 where I got the same question. Just a quick thought and the answer that comes to mind is “Yes”. After all,
a user’s security role is the sum of the security roles directly assigned to the user + sum of the roles the user derives through it’s association with the Teams (provided teams are given security role)
And here I was, where a user is belonging to a team and the team has a security with all the right privileges assigned to make the user work in Dynamics.
When I assigned the role directly to the user and the user is not part of the team, it just worked fine. Now comes the other way round. I remove the user’s security role, assign the same security role to a team and add the user to the team.
As you can see, the security role is having pretty much everything to access this account.
Login screen below after the user logged in.
Looks awesome isn’t it. The user can see accounts as expected. Just when you think that you have won the hearts of participants with your awesome understanding of Dynamics, Dynamics would throw a stick or two at you.
So I clicked on Account and this is what I get below.
That facepalm moment where you are just thinking, what just happened?
Now time for some recovery. When I click on Advanced find and try to access accounts, I could see them just fine.
You can even create/ read/ write and do all the fancy stuffs as per the role privilege.
Now I just did this trick. I just created a dummy role with absolutely no privilege to any entity and added it to the user. And this time when I click on Sales –> accounts, it just works fine.
So next time when you are up to this, this can save you some awkward moments. Not sure if this a bug or expected behavior but it seems the problem is only with the Home Page grid. Even if I try to read/ write accounts with the user credentials programmatically using SDK, it works fine.
For the home page grid to work, it requires a role to be assigned directly to the user.
Debajit Dutta (Dynamics MVP)