I am working on a CRM 2013 implementation and I have the following requirement:
Salespeople should be able to view all notes within their business unit. They should not be able to delete any notes and they should be able to modify only notes that they created.
I am not new to configuring security role permissions and I have no trouble achieving similar functionality with other entities. Notes however have stumped me.
In the Salesperson security role I configured the note entity as follows: Read: Organization, Create/Write/Append/AppendTo: User, Delete and Assign: None,
The result is that salespeople were correctly able to see all notes. However they were able to delete and note and edit any note within their business unit.
I then did some reading and it seemed that the "Profile Album" permissions under Custom Entities was also somehow related to wall notes. I configured Profile Album as follows: Read: Organization, Create: User, Others: None,
At this point my Salesperson use was no longer able to delete any wall notes. However, they could still edit wall notes owned by their business unit. Just for fun I removed edit permission entirely from the role and the salesperson was correctly unable to edit any records including their own.
Is there a bug with the notes write permission so that the user level confers business unit privileges?