PowerObjects Blog 

for Microsoft Business Applications

Duplicate Detection and Security Roles in Dynamics CRM

Post Author: Joe D365 |

The duplicate detection functionality in Microsoft Dynamics CRM was developed to help you maintain integrity of your data. You can configure duplicate detection rules for any entity in CRM. The duplicate detection can be used during the creation of a record, updating a record, during imports or as a scheduled job.

One thing to note is that the duplicate detection setting only allows you to check against records that you have access to in CRM.

Let's say, for example, that a salesperson attends a conference and receives a handful of business cards. He would like to create them as leads in CRM to validate that they actually want to do business. Currently, this user has full access to leads, but his access to the accounts and contacts are only for records that are in his business unit. The system administrator created a few duplicate detention rules to help prevent duplicate data in the system:

1. The first rule was set up to check against existing leads.

duplicate detection with security roles

2. The second one was to check the first name, last name and email address of the lead against existing contacts.

3. The last one was to check the company name against the account name in the account entity.

With these three duplicate detection rules setup in CRM, the system administrator believed they could catch all records that may have been duplicates. What the administrator didn't realize is that when the duplicate detection functionality is run by the user, it only checks against records that the user has access to.

Below is the current organizational structure. There is a business unit based on each territory. Security is set up so that users can only see and access data in their specific business unit, except for leads.

Let's say that a user in the Eastern BU creates a lead, but a contact already exists in the Midwest BU. Since the user doesn't have access to check against the records in the Midwest BU, this would allow the user to create the lead record. If the contact existed in the Eastern BU, the duplicate detection would have caught this duplicate record.

There are a few different ways to handle this situation:

  1. Allow users read rights to all leads, accounts and contacts. This might not be the best option as this is the reason you set up your CRM hierarchy.
  2. Create a new security role that has permission to the whole organization and grant one person this role. This user would then be required to create any new records that you want the duplicate detection turned on for.
  3. Create a duplicate detection job that is run by an administrator user that has organizational rights to the lead, account and contact entities. Any duplicate records would have to be merged by a user who has rights at the organization level.

The option you go with will depend on how your organization handles the way data is shared among its users.

If you need help developing best practices for your particular organization regarding security roles and duplicate detection, PowerObjects can help. Contact us for more information.

Happy CRM'ing!

By Joe D365
Joe D365 is a Microsoft Dynamics 365 superhero who runs on pure Dynamics adrenaline. As the face of PowerObjects, Joe D365’s mission is to reveal innovative ways to use Dynamics 365 and bring the application to more businesses and organizations around the world.

6 comments on “Duplicate Detection and Security Roles in Dynamics CRM”

  1. Excellent article Joe. This is the issue faced by one of my clients. The users are relationship managers (bankers) who are part of different sales teams (set-up as BUs) but access the same region to scout for leads. What they want is the ability to catch upfront that a lead about to be entered by them in CRM has not already been done by some other RM, so that they do not pursue this lead anymore. Also as a policy no RM cannot see records of another RM. Your options above as such doesn't work. Option 1 because of policy, option 2 because multiple RMs create leads and this activity cannot be thrusted on a single person and option 3 because they want immediate alert of a potential duplicate. Scheduled job might be too late and they would have spent time working on the same lead leading to more troubles. Can you suggest any other alternative??

    1. I am facing the same issues as Abhirup. Any advice to warn about duplicates the users cannot see because of read rights with their security role?

  2. Good Article.
    But I am a bit confused here that I created two contacts with same Business phone and it allowed me to create both the contacts.
    Can you please provide me a solution if I am wrong somewhere!!!

    1. First of all you have to create the duplicate detection rules for the contact entity and select the field you want the system to check for duplicates, in your case the "Business Phone" field. Then you have to publish the duplicate detection rule you created. Lastly you need to enable duplicate detection under duplicate detection settings. As the article states, if a person doesn't have access to existing records in CRM through their security role, it will not trigger the duplicate warning.

      1. I don't know if there was some error in our CRM instance.
        I updated the CRM 2013 and duplicate detection was working perfectly!!

        1. Thanks for sharing. THere definitely have been improvements with the duplicate detection. In our crm 2015 we have literally 0 issues with our rules now This was not the case back in crm 2011.....

PowerObjects Recommends