You can't assign a user a security role which has privileges you do not hold yourself.
You cannot add a user to a Team which has a security role which has privileges you do not hold yourself (because they will be able to act as if they have that role themselves)
If you could do either of these things you could potentially create a user and use it to gain access to things you should not have - an "elevation of privileges".
Check the Team you are trying to add the user to, and make sure you have that role, then this should be fine.
Also note as a matter of best practice you may want to only give roles to Teams which have the exact rights you need the Team to have - if the Team exists so that it can own Case records, don't give it any access to anything else. Then no-one can accidentally assign an Account, or Opportunity to this Team, and you won't have so many issues about adding users to it.
No comments:
Post a Comment