Microsoft Dynamics® CRM Training
Duplicate Detection and Security Roles
An error occurred while loading the video. Please try again.
In Microsoft Dynamics CRM, the Duplicate Detection function helps to keep data in your organization clean by preventing inconsistencies and duplicate records. When an entity is enabled for Duplicate Detection, a Duplicate Detection Rule is created for that entity. Then, a Duplicate Detection Job is run and, based on the defined rule or rules, presents the user with any duplicate records that were found.
Take note that Duplicate Detection only checks against records that the user running the job has access to. For example, once I, the System Administrator, publish a rule for the Account entity that checks for records with matching Account Names, say Jane xRM runs a Duplicate Detection Job for all active Account records. The problem is that Jane only has access to Account records in her business unit. If there is an identical Account record in a different business unit, Jane won’t see the duplicate record in the results.
This might seem like a flaw or oversight, but it isn’t. If Jane isn’t allowed to see any Account records outside of her business unit, why would Dynamics CRM show her a duplicate record she is not supposed to see? Furthermore, Duplicate Detection allows users to merge duplicate records. This would allow Jane to edit a record she’s not supposed to have access to.
There are a couple of workarounds to this problem. One solution would be to grant the user Read privileges for the entity in question. If Jane is going to be working with Accounts and running Duplicate Detection Jobs, it may be beneficial to at least give her the ability to detect duplicate records, but not necessarily merge them. To do this, I navigate to Settings > System > Administration, and then click Security Roles.
When the list of Security Roles appears, I could choose one assigned to Jane. The problem is I can’t modify the privileges of one user. If I only want Jane to have Read privileges to all Accounts, then I have to create a separate Security Role and assign it to her.
To create the new role, I click New in the toolbar. The Security Role form opens. In the Role name field, I type, “Account Duplicate Detection”. The Account entity is located in the Core Records tab. Notice that every privilege is blank. All I want to do is set the Read privilege for Account to “organization”. Once the circle is completely green, I can click Save and Close.
Once Dynamics CRM creates the role, I can assign it to Jane in addition to the Security Roles that have already been assigned to her. She will then be able to detect duplicate Account records in the entire organization, but won’t be able to edit ones outside of her business unit.
Another solution to this dilemma is to create a Duplicate Detection Security Role. This role would have organizational-level Read privileges for every entity that is enabled for Duplicate Detection. I would then assign the role to a specific user, or a group of users. Those users would be responsible for running Duplicate Detection Jobs.
It is up to you to identify the needs of your business and decide how to approach Duplicate Detection; however, it is important that users understand that they can only detect duplicate records to which they have access.
To learn more about Duplicate Detection, please watch “Duplicate Detection Rules,” “Duplicate Detection Jobs,” and “Checking for Duplicates.”
For more tips, tricks, and tutorials, please refer to the Success Portal or our xRM.com blog.