User and team entities
Updated: November 29, 2016
Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online
User and team management is the area of Microsoft Dynamics 365 where you can create and maintain user accounts and profiles.
A user is any person who works for a business unit who uses Microsoft Dynamics 365. Each user has a user account. All users must be associated with only one business unit. This association controls which customer data the user will have access to. Included in the user's account is information such as the user's telephone numbers, email address, and a link to the user's manager. Each user has privileges and rights to manage their own personal settings. Each user corresponds to a user in the Active Directory for that organization. When you create a user, you must assign the user to at least one security role. Even if the user is part of a team that has assigned roles, the user should be assigned to a role. For more information about access levels and roles, see How role-based security can be used to control access to entities in Microsoft Dynamics 365.
A team is a group of users. Teams let users across an organization collaborate and share information. For more information about teams, see Use access teams and owner teams to collaborate and share information.
Records can be owned by users or teams. Set the OwnershipType to OwnershipTypes.UserOwned or OwnershipTypes.TeamOwned to enable ownership. You can use the ReassignObjectsOwnerRequest message or the ReassignObjectsSystemUserRequest message to do bulk reassignment of all records for an owner.
The following illustration shows the entity relationships for users and teams.
In Microsoft Dynamics 365, users can be disabled but they cannot be deleted. To find the user who is currently logged on or who is impersonated, call the WhoAmIRequest message.
The following table provides details about the significant attributes for the system user entity.
Specifies the type of access that this user has to Microsoft Dynamics 365. This is sometimes referred to as the type of user.
Specifies the user’s license type.
Specifies whether the user is disabled. Only licensed users or users who have an access mode of support or non-interactive can be enabled. Support users cannot be disabled.
Specifies whether the user is licensed. This applies to customers who access Microsoft Dynamics 365 (online) through the Microsoft Online Services environment. This attribute is read-only, and is updated by the system.
Specifies whether the user is synchronized with the Office 365 directory. This applies to customers who access Microsoft Dynamics 365 (online) through the Microsoft Online Services environment. This attribute can only be set on create and is otherwise read-only.
Specifies the default queue for the user.
Access checks are additive. You can access entities based on the roles assigned to the user plus the roles assigned to the team that a user is a member of. This allows a user to have privileges outside their business unit.
A user's set of privileges is a union of privileges from the user's roles and privileges from all teams’ roles in which the user is a member.
For more information about how users are provisioned in and synchronized with Microsoft Office 365, see Synchronized users in Microsoft Dynamics 365 (online) and Office 365.
Non-interactive users are often used when writing service-to-service code because they do not use up a license. Microsoft Dynamics 365 (online) allows for five free non-interactive users. To disable a non-interactive user, update the user record changing the accessmode value to any other value. The user will be disabled automatically.
Administration and security entities
Synchronized users in Microsoft Dynamics 365 (online) and Office 365
Use access teams and owner teams to collaborate and share information
Team entity messages and methods
Specify time zone settings for a user
TeamTemplate entity messages and methods
SystemUser (user) entity messages and methods
UserSettings entity messages and methods
Sample: Assign a record to a team
Sample: Create an on-premises user
Sample: Disable a user
Sample: Share records using GrantAccess, ModifyAccess and RevokeAccess messages
Sample: Share a record using an access team
Blog: Service Accounts – Non-Interactive Users
Privilege and role entities
Microsoft Dynamics 365
© 2016 Microsoft. All rights reserved. Copyright