Restrict ability to update other’s personal settings/option.

Ability to restrict ability to update other’s personal settings/option for out of the box roles is not available; In technical terms, option to set “Basic” level of access for “User Setting” privilege in any custom or out of the box Security role is not present. Current options are None, Local(BU level), Deep( Parent Child BU) or Global (Organization). And for most of the out of the security roles default privilege is set to Local(BU level).

Local(BU level) access level allows an users to change personal options/setting for other users using D365 SDK or community tools. Currently there are no means to block an user to update setting for other users if we would like to keep personal option setting enabled.

This is a security issue/gap and here is a scenario –

We need to keep Personal Options enabled to use set configurations for out of the box features and Outlook Email Tracking using server side sync is enabled for user A and User B. In current out of the box behavior, User A can change the “Email Filtering” settings to “All email messages” for User B who would like to keep the setting as Email messages in response to Dynamics 365 email” which may potentially sync other users outlook emails to CRM.

Leave a Reply