User and team entities

User and team management is the area of Dynamics 365 Customer Engagement (on-premises) where you can create and maintain user accounts and profiles.

A user is any person who works for a business unit who uses Dynamics 365 Customer Engagement (on-premises). Each user has a user account. All users must be associated with only one business unit. This association controls which customer data the user will have access to. Included in the user's account is information such as the user's telephone numbers, email address, and a link to the user's manager. Each user has privileges and rights to manage their own personal settings. Each user corresponds to a user in the Active Directory for that organization. When you create a user, you must assign the user to at least one security role. Even if the user is part of a team that has assigned roles, the user should be assigned to a role. For more information about access levels and roles, see How Role-Based Security Can Be Used to Control Access to Entities In Dynamics 365 Customer Engagement (on-premises).

A team is a group of users. Teams let users across an organization collaborate and share information. For more information about teams, see Use Teams to Collaborate and Share Information.

Records can be owned by users or teams. Set the OwnershipType to OwnershipTypes.UserOwned or OwnershipTypes.TeamOwned to enable ownership. You can use the ReassignObjectsOwnerRequest message or the ReassignObjectsSystemUserRequest message to do bulk reassignment of all records for an owner.

The following illustration shows the entity relationships for users and teams.

User and team entity relationship diagram.

Users

In Dynamics 365 Customer Engagement (on-premises), users can be disabled but they cannot be deleted. To find the user who is currently logged on or who is impersonated, call the WhoAmIRequest message.

The following table provides details about the significant attributes for the system user entity.

Attribute name Description
AccessMode Specifies the type of access that this user has to Dynamics 365 Customer Engagement (on-premises). This is sometimes referred to as the type of user.

- Administrative – The user has access to the Settings area but does not have access to the Sales, Marketing, and Service areas.
- Non-Interactive – The user can access the system but only through the Web service.
- Read – The user has read-only access.
- Read-Write – The user has both read and write access.
- Support User – The user was created by the Microsoft Dynamics support team.
CalType Specifies the user’s license type.

- Administrative – The user has administrative user rights.
- Device Full – The user who is using the device running Dynamics 365 Customer Engagement (on-premises) has both read and write access.
- Device Limited – The user who is using the device running Dynamics 365 Customer Engagement (on-premises) has only read access.
- Full – The user has both read and write access.
- Limited – The user has only read access.
IsDisabled Specifies whether the user is disabled. Only licensed users or users who have an access mode of support or non-interactive can be enabled. Support users cannot be disabled.
IsLicensed Specifies whether the user is licensed. This applies to customers who access Dynamics 365 for Customer Engagement through the Microsoft Online Services environment. This attribute is read-only, and is updated by the system.
IsSyncWithDirectory Specifies whether the user is synchronized with the Office 365 directory. This applies to customers who access Dynamics 365 for Customer Engagement through the Microsoft Online Services environment. This attribute can only be set on create and is otherwise read-only.
QueueId Specifies the default queue for the user.

Access checks are additive. You can access entities based on the roles assigned to the user plus the roles assigned to the team that a user is a member of. This allows a user to have privileges outside their business unit.

Note

A user's set of privileges is a union of privileges from the user's roles and privileges from all teams’ roles in which the user is a member.

Non-interactive users are often used when writing service-to-service code because they do not use up a license. Dynamics 365 for Customer Engagement allows for five free non-interactive users. To disable a non-interactive user, update the user record changing the accessmode value to any other value. The user will be disabled automatically.

Community tools

User Settings Utility is a tool that XrmToolbox community developed for Dynamics 365 Customer Engagement (on-premises). Please see the Developer tools topic for community developed tools.

Note

The community tools are not a product of Microsoft Dynamics and does not extend support to the community tools. If you have questions pertaining to the tool, please contact the publisher. More Information: XrmToolBox.

See also

Administration and Security Entities
Use Teams to Collaborate and Share Information
Team Entity
Specify time zone settings for a user
TeamTemplate Entity
SystemUser Entity
UserSettings Entity
Sample: Assign a Record to a Team
Sample: Create an On-Premises User
Sample: Disable a User
Sample: Share Records Using GrantAccess, ModifyAccess and RevokeAccess Messages
Sample: Share a record using an access team
Blog: Service Accounts – Non-Interactive Users
Privilege and Role Entities