Microsoft Dynamics® CRM Training
An error occurred while loading the video. Please try again.
Thank you for viewing “Security Roles.” Below, you will find a short practicum designed to help you reinforce this lesson as well as a summary of the material covered in the video.
Security Roles are fundamental to the security model of Microsoft Dynamics CRM. In order to understand how Security Roles influence the privileges that a User has, create a new User and change the change the Security Roles for that User.
1. Begin by logging into a User account with the System Administrator Security Role.
2. Explore the each of the modules in CRM—Sales, Service, Marketing, and Settings—getting an idea for the privileges that you have as a System Administrator. Hint: You have a lot!
3. Create a new User called Test User (or any name you would like) and give Test User the Salesperson role only.
4. Log out and then log in as Test User.
5. Take note of the privileges that Test User has. What kind of records can you view as this User? Which Settings can you change?
6. Now, log out of this User and log back in as a System Administrator.
7. Grant Test User the Sales Manager Security Role.
8. Log out and log back in as Test User. How are your privileges as Sales Manager different than your privileges as a Salesperson? How are your privileges as Sales Manager different than your privileges as a System Administrator?
For guidance please refer to the instructions in this email and the “Security Roles” video.
In Microsoft Dynamics CRM Online and Dynamics CRM 2013, a User’s Security Role determines how he or she is able to interact with the application. In this video, we will go over the importance of Security Roles and demonstrate how a System Administrator can access and edit them.
Each Security Role is composed of several privileges that control what a User with that Role can do in CRM. In order to access the application, a User needs at least one Security Role. This way, CRM knows the level of access that the User should have.
Most of the privileges that make up a Security Role determine how a User is able to interact with certain entities. For these entity-based privileges, there are typically 8 possible actions that a User can perform: Create, Read, Write, Delete, Append, AppendTo, Assign, and Share. Each action can be restricted to varying degrees of access: None, User, Business Unit, Child Business Units, and Organization. For example, by default, a Salesperson has Read privileges for Accounts that anybody in the organization owns. However, this Salesperson may only Delete records on a User level, meaning only records that they own.
Aside from entity privileges, there are additional miscellaneous privileges. These privileges determine if a User can do anything from accessing CRM from their phone to Executing Workflow Jobs.
To access Security Roles in CRM, we’ll navigate to Settings, Administration, and click Security Roles. From here, we can see the 15 out-of-the-box Security Roles. From here, we can create a New Security Role, select an existing Security Role to copy it, or open a Security Role to edit it.
When we open a Security Role, we are given a series of tabs and a Key at the bottom of the page that shows us how each degree of access is displayed. All of the privileges are categorized into tabs, so if we navigate to Core Records, we are given a list of the core entities and, if we scroll down, some additional miscellaneous privileges.
To edit a privilege, we can simply click the privilege to toggle through the options in the key. We could also click the column to adjust all actions of a single type for all entities. For example, if we only wanted users to be able to read records from within their Business Unit instead of across the entire Organization, we would click the Read column header until the privileges match the key. Keep in mind that some entities can only have certain access levels. For example, Posts can only be accessed across the entire Organization or not at all, so when we bulk edit privileged, we have to make sure that these exceptions are taken care of.
To assign a Security Role, we navigate back to Settings, Administration, and click Users. From here, we’ll select the User or Users we want to edit, and click Manage Roles. From here, we can select Security Roles from our list. Keep in mind that if a User is assigned multiple Security Roles, each privilege defaults to the highest access level. For example, a User with the role of Salesperson and Scheduler will be able to Create Orders and Invoices, which a Scheduler normally wouldn’t have the privileges for, and create Cases, which a Salesperson normally wouldn’t have the privileges for.
Overall, Security Roles determine the privileges of each User. A User needs at least one Security Role to access the application. Security Roles can be edited from the Administration section in the Settings module. From this same section, we can assign Security Roles to Users. A User’s privileges default to the highest access level amongst all of their Security Roles.