PL400 : configure business units and teams (Configure Microsoft Dataverse Security)

Business units are core components of security model and these components work like framework on which a security model is built. These components provide security and structure for grouping users and are often used to replicate the departmental or division structure of an organization. Each user assigned to a Dataverse environment will belong to a business unit. The first business unit created for an organization is called the root business unit. Business units can be deleted, however, the root business unit cannot be deleted. System Administrator has full permission to customize or administer the environment, including creating, modifying, and assigning security roles and can view all data in the environment. 


 A Business Unit is a logical grouping of related business activities.

It is the foundation of the security structure in the Microsoft Dataverse. Each user must be part of a business entity. There is a default business unit that is created when a Dataverse database is provisioned. We can control access to information throughout the organization using business units, teams, and Territories.


Important points:

  • Business units define a security boundary.
  • Every Dataverse database has a single root business unit (Organization).
  • The Organization (also known as the root business unit) is the top of a business unit hierarchy.
  • Root business unit is automatically create when provision customer engagement app.
  • We can't delete root business unit.
  • The organization name is derived from domain name when environment was provisioned
  • we can't change the organization name using root business unit , but it can  be changed using the web API.
  • Each Business can have just one parent business unit.
  • Each Business can have multiple child business unit.
  • Security roles and users  are associated with a business unit., therefore every user must be assigned  a business unit.
  • We can change the user's business unit directly.
  • A team can consist of users from one or many business unit.
  • Before deleting a business unit, need to consider the following
    • Deleting a business unit is irreversible
    • the records owned by business unit (for example, Teams, facilities/equipment and resource groups) are deleted at the same time when we delete the business unit.
    • We can't delete a business unit until we reassign all the business unit records to another business unit.

  • When we disable a business unit, all users and teams associated with the business unit will not be able to sign in.
  • Users are not deactivated or removed if their business unit becomes inactive. They remain valid/active in the system, but they cannot log in because their business unit is disabled. This is an important difference because they continue to consume the Client Access License (CAL) even though they do not have access to the system.

Below components works tightly with business units:

  • Users
  • Business unit
  • Teams
  • Facilities/equipment 
  • Resource Group

Team:

Please go below links for knowledge about Team.

Team based Security in Microsoft Dynamics 365 CE (Part 1)
Team based Security in Microsoft Dynamics 365 CE : Owner Team (Part 2)
Team based Security in Microsoft Dynamics 365 CE : Access Team (Part 3)
Team based Security in Microsoft Dynamics 365 CE : Azure AD Security Group Team (Part 4)


Comments

Popular posts from this blog

Exploring the Differences: Managed vs. Unmanaged Solutions in Dynamics CRM/Dataverse

PCF vs. Web Resources: Choosing the Right Extensibility Tool for Dataverse

Effective Strategies for Debugging Plugins in Dynamics CRM