How it works...

In step 1 to step 3, we created the business unit hierarchy and, in step 5 and step 6, we created a global security role to give users read access to all Accounts and Contacts.

Security roles are based on ownership. If a record belongs to a user from a sibling business unit, the reused security role from the previous recipe won't give you any access to it. However, the global read security role will give you read access.

The global read was created at a child business unit level; therefore, only users belonging to that child business unit will be able to get assigned the security role.

The security roles and business units can work in a range of combinations. For instance, if a user belongs to the Packt business unit, then the Parent: Child Business Unit read role allows the user to read across the entire organization because the user is at the root level. However, if the user belongs to a child business unit, then they can only read records owned by users at their level (or below).

When you assign a user to a new business unit, the user loses all its security roles. Beware when reassigning administrators (or your own user) to new business units.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.191.202.240