User and team entities

 

Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online

User and team management is the area of Microsoft Dynamics 365 where you can create and maintain user accounts and profiles.

A user is any person who works for a business unit who uses Microsoft Dynamics 365. Each user has a user account. All users must be associated with only one business unit. This association controls which customer data the user will have access to. Included in the user's account is information such as the user's telephone numbers, email address, and a link to the user's manager. Each user has privileges and rights to manage their own personal settings. Each user corresponds to a user in the Active Directory for that organization. When you create a user, you must assign the user to at least one security role. Even if the user is part of a team that has assigned roles, the user should be assigned to a role. For more information about access levels and roles, see How role-based security can be used to control access to entities in Microsoft Dynamics 365.

A team is a group of users. Teams let users across an organization collaborate and share information. For more information about teams, see Use access teams and owner teams to collaborate and share information.

Records can be owned by users or teams. Set the OwnershipType to OwnershipTypes.UserOwned or OwnershipTypes.TeamOwned to enable ownership. You can use the ReassignObjectsOwnerRequest message or the ReassignObjectsSystemUserRequest message to do bulk reassignment of all records for an owner.

The following illustration shows the entity relationships for users and teams.

User and team entity relationship diagram

Users

In Microsoft Dynamics 365, users can be disabled but they cannot be deleted. To find the user who is currently logged on or who is impersonated, call the WhoAmIRequest message.

The following table provides details about the significant attributes for the system user entity.

Attribute name

Description

AccessMode

Specifies the type of access that this user has to Microsoft Dynamics 365. This is sometimes referred to as the type of user.

  • Administrative – The user has access to the Settings area but does not have access to the Sales, Marketing, and Service areas.

  • Non-Interactive – The user can access the system but only through the Web service.

  • Read – The user has read-only access.

  • Read-Write – The user has both read and write access.

  • Support User – The user was created by the Microsoft Dynamics support team.

CalType

Specifies the user’s license type.

  • Administrative – The user has administrative user rights.

  • Device Full – The user who is using the device running Microsoft Dynamics 365 has both read and write access.

  • Device Limited – The user who is using the device running Microsoft Dynamics 365 has only read access.

  • Full – The user has both read and write access.

  • Limited – The user has only read access.

IsDisabled

Specifies whether the user is disabled. Only licensed users or users who have an access mode of support or non-interactive can be enabled. Support users cannot be disabled.

IsLicensed

Specifies whether the user is licensed. This applies to customers who access Microsoft Dynamics 365 (online) through the Microsoft Online Services environment. This attribute is read-only, and is updated by the system.

IsSyncWithDirectory

Specifies whether the user is synchronized with the Office 365 directory. This applies to customers who access Microsoft Dynamics 365 (online) through the Microsoft Online Services environment. This attribute can only be set on create and is otherwise read-only.

QueueId

Specifies the default queue for the user.

Access checks are additive. You can access entities based on the roles assigned to the user plus the roles assigned to the team that a user is a member of. This allows a user to have privileges outside their business unit.

Note

A user's set of privileges is a union of privileges from the user's roles and privileges from all teams’ roles in which the user is a member.

For more information about how users are provisioned in and synchronized with Microsoft Office 365, see Synchronized users in Microsoft Dynamics 365 (online) and Office 365.

Non-interactive users are often used when writing service-to-service code because they do not use up a license. Microsoft Dynamics 365 (online) allows for five free non-interactive users. To disable a non-interactive user, update the user record changing the accessmode value to any other value. The user will be disabled automatically.

See Also

Administration and security entities
Synchronized users in Microsoft Dynamics 365 (online) and Office 365
Use access teams and owner teams to collaborate and share information
Team entity messages and methods
Specify time zone settings for a user
TeamTemplate entity messages and methods
SystemUser (user) entity messages and methods
UserSettings entity messages and methods
Sample: Assign a record to a team
Sample: Create an on-premises user
Sample: Disable a user
Sample: Share records using GrantAccess, ModifyAccess and RevokeAccess messages
Sample: Share a record using an access team
Blog: Service Accounts – Non-Interactive Users
Privilege and role entities

Microsoft Dynamics 365

© 2016 Microsoft. All rights reserved. Copyright