Symptoms

Consider this scenario:

The Account-Contact Parental relationship is set to configurable cascading, while sharing is set to Cascade None. The security role for users provides them with user level access to the Account and Contact entity records for all the privileges. An administrator who has the System Administrator role in CRM owns an account and shares it with two users. Both of these users have a custom security role as described above giving them access to their own Account and Contact records. A contact created by one user under Account that is owned by Administrator is by default visible to the other user.

Example:
1. User by name Admin has default System Administrator role in CRM. 

2. Alan Jackson and Ben Burton are two users in CRM whose security role gives them access to only their own Account and Contact records for all privileges.

3. Admin has modified the Account-Contact Parental relationship to set to Cascade None for Sharing. 

4. Admin creates an Account in CRM named "Account1 by Admin" and shares this Account with Alan Jackson and Ben Burton. 

5. Alan opens Account record "Account1 by Admin"  in CRM then creates a contact under this Account by clicking on Contacts in left navigation pane, New Contact Button, names this contact as "Alan's contact".

6. Ben logs into CRM, points to Workplace, click Contacts, and changes the view to Active Contacts. Contact "Alan's contact" owned by Alan is visible to Ben even though Ben's security role assigns privileges to his own Contact record.

Cause

The child contact created by a user under an account runs through a Reparent operation which will share the child contact with the same users who have shared rights to the parent account. The Cascade Sharing option is controlling only the sharing operation, which is not executed in this situation, as the sharing operation for the parent record has occurred before the creation of the child record.

Resolution

Such visibility of child records to users can be avoided by changing Cascade-Reparent to None on account_contacts relationship properties.

Note: Any time a record is shared via cascading, any shared records are irreversible.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×