What are Access Teams?
- Access Teams are light-weight teams aimed at high volume sharing scenarios.
- These are designed to address the concerns of the overhead of calculating security roles when needed.
- Access Teams can be automatically created and managed.
- Access teams can’t be granted security roles and they can’t own records.
- They only access records through sharing.
- Sharing privileges are defined by an access team template. They don’t change dynamically for existing records if the template changes.
- Access Teams can’t be used as resources in Service Scheduling.
Access Teams, however, can be created manually through Teams interface in Settings > Administration.
Creating an Access team
- An Access Team first needs to be enabled from an Entity level. To do so, navigate to Customizations > (Entity). We can consider an example of a custom entity, say Customer.
The checkbox on Access Teams needs to be checked to be able to enable Access Teams for Customer entity.
- Then, we navigate to Settings > Administration > Access Team Templates. And select New template.
Give a meaningful Name to the template that will be identified. Select the entity from the Entity dropdown that we enabled Access Teams for at the Entity level.
We can provide desired access rights as mentioned above from Delete, Append, Append To, Assign, Share, Read and Write.
- Now you Access Team template has been created. Next, we shall add a sub-grid to the Customer form that will access this template. And Set Properties as follows for the Sub-Grid on the form.
As shown below, set the following properties for the Data Source of the sub-grid,
Records to All Record Types
- Entity to Users
- Default View to Associated Record Team Members
- Team Template to Customer List Access (This is the Access Team Template you just created)
The sub-grid now is set to add users to the Access Team that will use the access rights we set in the Access Team Template.
- Once the record is created, you can add Users to the sub-grid that will have access to that particular record and which will have access rights as defined in the template.
As in the above form, the 2 users have access to the record with name Ashwin V. with the access rights Append, Append To, Read and Write.
How Access Teams work?
- Whenever Access Teams are enabled for an entity, the team’s lifecycle is managed automatically.
- So when the first member is added to the Access Team grid, an access team is created and the first member is granted the access rights as specified.
- Then as members are added and removed, access to those members are added and removed respectively.
- When the final member of the access team is removed, the team gets deleted. This marks the end of the Access Team lifecycle.
- Deactivating the record, however, won’t affect the access team. Only adding and removing members from the access team will cause deletion of automatically generated access team.
Viewing the Access Teams
- In normal operation, access teams are created automatically. Hence, they are system generated and are deliberately hidden from users.
- In order to view these access teams, use ‘Advanced Find’ option to query for Teams of type Access and Is System Managed as Yes, No.
- This will show both access teams, automatically created and system generated as shown in the figure below.
The automatically generated access teams are named as their GUID.
Migrating to Access Teams
Teams that have been migrated from older version will be migrated as owner teams. It’s possible to convert them to access teams under the following conditions:
- The owner team doesn’t have any security roles, and
- The owner team isn’t the owner of any records.
The CONVERT TO ACCESS TEAM button will convert the owner team into an access team once the above said criteria is matched.
Programmatic control of access teams
- Remember, an access team is actually created when we add the first member to the access team. So we need an existing team to add a team member to it.
- A new SDK message is introduced to handle this scenario. AddUserToRecordTeamRequest.
- Using the said SDK message, we need to specify the record and team template that the user should be added to. This will resolve the request to the access team that is relevant and, if necessary, create the team before adding the user as a member.
- When working with system generated access teams, this message should be considered for adding users as team members.
So, that’s it! Hope you find this useful. 🙂