Legal User Guide for Microsoft Dynamics 365
Security
Our system uses Standard Security and Access Teams to control who can view or edit each Matter and its related records (such as Billing Events and Expenses). This ensures that only the people responsible for a Matter can access its information, while keeping all other Matters securely hidden.
Records can also be located in separate Business Units (BU) to give groups within the organisation to all records in the BU they are assigned to. BU’s can also be used to create a silo for sensitive cases although the below access teams also work very well to restrict / provide access.
Standard Security Roles and Access Levels
Security roles define what each user can do across core records such as Accounts, Contacts, Leads, Opportunities, Activities, and Cases.
Access Levels
These roles apply system‑wide and set the maximum level of access a user can have. Each privilege (Read, Write, Create, Delete, Append, Append To, Assign, Share) is granted at one of four access levels:
-
User: The user can only access records they own or records shared directly with them.
-
Business Unit (BU): The user can access all records owned by anyone in their own Business Unit.
-
Parent:Child Business Unit: The user can access records owned by their BU and all child BUs beneath it.
-
Organization: The user can access all records in the entire environment.
These levels allow the system to support different organisational structures. For example:
-
A salesperson with User‑level access to Leads only sees the Leads they own.
-
A team leader with BU‑level access sees all Leads owned by their team.
-
A manager with Parent:Child BU access sees Leads across multiple teams.
-
Administrators with Organization‑level access can see and manage everything.
Security roles ensure users only see and work with the records appropriate to their role, while Access Teams (if used) further restrict access to specific records when confidentiality is required.
How Access Teams Work
Access Teams give users permission to specific records. They do not replace a user’s security role; instead, they work together.
-
A security role defines what a user can do in general (for example, whether they are allowed to edit Billing Events at all).
-
An Access Team defines which specific Matters the user can access.
A user must have both the correct security role and Access Team membership to work on a Matter.
Assigning Access
This section covers how to assign access for security roles.
Responsible Attorneys
When a user is added as a Responsible Attorney on a Matter:
-
They are automatically added to the Attorney Access Team for that Matter.
-
They receive read and write access to the Matter.
-
They also receive access to all related records, including Billing Events, Expenses, Notes, and Activities.
Responsible Staff
When a user is added as Responsible Staff:
-
They are added to the Staff Access Team for that Matter.
-
They receive read‑only access to the Matter and all related records.
-
They can view all information but cannot make changes.
Automatic Access and Removal
Access is managed automatically when (following conditions):
-
When a user is added to the Responsible Attorney or Responsible Staff fields, they immediately gain access through the appropriate Access Team.
-
When a user is removed from those fields, their access is removed at the same time.
-
This ensures that access always reflects the current Matter team and reduces the need for manual security management.
What Users Will See:
-
Users only see Matters where they are part of the Access Team.
-
All other Matters remain hidden.
-
This keeps the workspace clean, secure, and focused on the Matters each user is responsible for.