Microsoft Dynamics CRM – Team Share vs. User Share
Sharing records in Microsoft Dynamics CRM is often used to solve matrix like authorization problems.
For example, let’s say our organization has two main divisions: Sales and Products. While Opportunities are managed in the Sales division by Sales Managers, Presale Engineers from the Products Division are required to view these opportunities as well. Opportunities hold sensitive information and Presale Engineers should have access to specific Opportunities which are related to the product they manage.
Microsoft Dynamics CRM hierarchical authorization model allows users from one business unit to access business records owned by users from a sibling business unit only by granting them global access level which allows users to access all the records in the organization. This problem can be solved by the Sharing mechanism which allows granting ad hoc record level access level.
In the previous example, a Sales Manager can share an Opportunity with Presale engineer to grant him access to only the record which requires his attention.
Another solution is to set up a team for each product, while each team will include the required Presale Engineers. Sharing an Opportunity with a the a team rather than with a single user is preferred because as the team members change, their share access is automatically adjusted: access is granted to new team members and revoked from members leaving the team. Sales Manager need only remember the product team name and is indifference to the actual team members.
For enterprise level applications, sharing business records with teams rather than users is critical. Share authorization data is managed in central database table named PrincipalObjectAccess (POA). The POA table is accessed by any query related to data access level, and with Microsoft Dynamics CRM, most queries do. As the POA table grows large, application performance may decrease. Is it recommended to keep the POA table as small as possible.
Sharing records with Team, rather than with users can help achieving this goal: each share per object is represented by a record, so sharing an Opportunity with 3 users will add 3 records to the POA table. But sharing an Opportunity with a Team (related to N members) will only add one record to the POA table. In large scales, this fact can have a major impact on Microsoft Dynamics CRM performance.