*** NOTE: ALL INFORMATION IS ACCURATE AT DATE OF PUBLISHING ***
Often as consultants or administrators, we forget that we have higher levels of access than other users. The same can be said for users who have been given one of the out of the box security roles for Marketing. We just assume others can see the same things we can. There are two areas specifically where a marketer can review marketing interactions on the timeline for a Lead and Contact, and also gain access to the Insights on these records to see what kind of marketing activities have been generated for the audience member. Unfortunately, someone using a different app might not be able to see this level of detail. Let’s look at how you can create a new custom security role to provide the security permissions required.
First, make sure any of your custom forms include the Insights tab. If they don’t, check out this post from my good friend Amey Holden where she provides information on how to add it. This is what the Insights tab on a Contact or Lead looks like for a user with the right level of access.
Sad for those without the right permissions, because they see errors all over the place!
If you have custom forms and the timeline isn’t showing the marketing interactions even for a marketing user, check out this post on how to add the interactions to those forms. For a user with access to marketing interactions, the timeline will look something like this, showing information on emails, text messages, push notifications, web activity, forms and events.
A less informative timeline is displayed for users without the right level of access. Not fun!
From a page on Microsoft’s documentation site, they detail the types of activities that will be displayed for a Lead and/or Contact: Customer interactions timeline. They have also listed the specific tables that a user must have read permissions for in order to see them on the timeline. They have provided the database name for each table, so I have provided the table name you would see when editing a security role.
- msdyncrm_marketingemail – Marketing email
- msevtmgt_event – Event
- msdyncrm_marketingform – Marketing form
- msdyncrm_website – Marketing website
- msdynmkt_email – Email
- msdynmkt_pushnotification – Push notification
- msdynmkt_sms – Text message
In addition, you also need to add in the new Real-time Marketing forms, which will be this:
- msdynmkt_marketingform – Form
To make sure other users get the right access, you can either edit an existing security role you know your sales and/or customer service users have, or create a new one that you can assign to individual users or a team. Although you can edit it in the ‘classic’ way, I have found it easier to do it using the new functionality in the Power Platform Admin Center instead. It means you can find things by table name rather than the label of the table (which people can change). By all means create your security role in a solution, but then go to https://admin.powerplatform.microsoft.com, find the environment, then go to settings and then security roles. Click on the name of the security role you wish to edit.
From here, we can use the search box to look for the correct tables to find them in the list. Then change the Read permission from None to something different. It’s down to your companies structure if you do Organisation, Business Unit or Parent Child Business Unit. For mine, there is one business unit only, so these are being set to Organisation on the Read permission. Go through each table and change the Read permission.
The last table to look for is msdyncrm_customerinsightsinfo. It’s this table that gives access to the Insights tab. Again, change only the Read permissions and set as the level of access relevant and acceptable to your organisation. Save your security role, then assign it to the users and/or teams that require the ability to see the marketing insights table and marketing interaction activities on the timeline.
Although these are not required to allow users to see the timeline activities or insights, consider adding these other tables with Read access so that sales users can also review additional marketing related information:
- msdynmkt_contactpointconsent4 – Contact Point Consent records
- msdyncrm_customerjourneycustomchannelactivity – Custom Channel activities
- msevtmgt_eventregistration – individual Event Registations
- msdynmkt_marketingformsubmission – Realtime Marketing Form Submissions
- msdyncrm_marketingformsubmission – Outbound Marketing Form Submissions
Check out the latest post:
Display Countdown Timer Using Nifty Images In Customer Insights - Journeys
This is just 1 of 478 articles. You can browse through all of them by going to the main blog page, or navigate through different categories to find more content you are interested in. You can also subscribe and get new blog posts emailed to you directly.
Hi Megan,
Happy New Year 🥳!
I have added the marketing activities to a custom contacts timeline in a custom app (using https://learn.microsoft.com/en-gb/dynamics365/customer-insights/journeys/timeline?WT.mc_id=DX-MVP-5003395).
Is it possible to include the marketing activities on the contacts timeline WITHOUT the links to the forms/emails/text messages/etc?
The reason for this is that there are some users who need to see the marketing activities on the timeline but they are not allowed to have access to Customer Insights.
Currently when they click the link to a CIJ form/email a new tab opens with the following message:
“We can’t open this app
The app URL wasn’t found or you need permissions to open it. Please check the URL and try again, or contact your system administrator.”
This isn’t a great user experience, it would be great if the links could be turned off. Although that would mean that actual Customer Insights users would not see the links either. 🤔
Maybe it is best to just give the non Customer Insights Users Read-only access to the CIJ tables.
I hope my ramblings make sense.
Thanks,
Seán
Hi Seán,
Happy New Year to you also! Your question makes sense, but there is no way for you to edit or control how those activities look within the timeline. So it’s either turn them on, but know that the users clicking on the link will not have access to the App and get an error, leave it turned off and then they can’t see them, or give them access to see them and also access to the App (not what I would suggest) so they don’t get the error.
Sorry, no other options really!
Megan
Thanks Megan!!
Amazing! Thank you. I wish these permissions were already included in the OOB Marketing security roles – it seems they’re not yet.
Hi Alfredo, they are included in the OOB marketing security roles. You should only need to add these to a custom security role if it’s for users without access to the app.