Dynamics CRM access check flow

0
votes

I am trying to find out how Microsoft has built access check flow in Dynamics CRM. What is the order of checks(security role, team, sharing)? The reason is that I came to a project where they created logic to share all records of one entity with a team, based on some criteria. All users are members of this team. Now we have a lot of records in POA table regarding this entity and one of my queries times out if it is not ran by user with admin permissions.

I wonder if it would be more efficient if this team was owner of a record instead of a record being shared with the team? Will CRM check user's membership in the team before running through POA table?

Thanks in advance.

1
sqldynamics-crm-2011

1 Answers

0
votes

Based on your description I'm assuming the following:

  1. All records of some entity, call it new_entity, are shared to a specific team, call it TeamA.

  2. All users are a member of TeamA.

They could eliminate the sharing and team membership altogether by giving all users the desired permission to the entity type in question.

It will certainly be more efficient to have everyone be a member of the team than it would be to share with the team, since it will mostly eliminate the POA table. That said, how big is the POA table? POA used to be an issue but at this point, if they are up-to-date on Rollups, most POA issues are a result of bad queries, missing indexes, or poor disk/memory configuration on the SQL server.