If you had read these previous posts, you have a basic knowledge about Microsoft Dynamic CRM Security model in this post and this. In fact, it is the most important for understanding about it to enter xRM world, and help you deploy successful CRM system.
We will find out more detail about it in this article.
What is truth about Security model Microsoft Dynamic CRM?
In fact, the technology is not new to LoB application, it has been used for many product of Microsoft, such as Microsoft Dynamic AX…and it has been became the patterns for developing other security system of software application. It was called role-based security.
Microsoft has been used this patterns for Microsoft Dynamic CRM, it contains these following factors.
- Privileges
- Access levels
- Security roles
- Hierarchy security
All these factors has been developed to control all security in Microsoft Dynamic CRM as following table.
| Purpose of Security model | Notes |
| Control access to record | Define all the actions that user can perform (CRUD operations), depend on who the user is and the ownership of record. |
| Control access to UI element |
|
| Control to access CRM functions |
|
| UX Experience |
|
Priviledges
A privilege is a permission to perform an action in Microsoft Dynamics CRM. It is the core for security checking and has been built-in Microsoft Dynamics CRM, there are more than 500 priviledges as default and will be added for each new version releases.
Priviledge sample
- Create record
- Update record
- Assign record
- Delete record
- …
They are call priviledge in xRM world. You can see in following table.
Priviledges in MS CRM
Access levels
Access level is the concept to allow user interact with your business in the hierarchy of organization, the following image is the chart for access level description that Microsoft has been used for structuring & virtualize your business in Microsoft Dynamic CRM system.
Access Level structure & virtualize your business
As the image, you will see that there are 4 Access Levels in Microsoft Dynamic CRM.
None No access is allowed for this level.
| Access Level | Description |
| User Access Level | Providing access only for records:
|
| Business Access Level | Providing access only for records:
|
| Parent: Child Business Unit | Providing access only for records:
|
| Organization | Providing access only for records:
|
Security roles
Security role is combining of business unit to control actions of user in Microsoft Dynamic CRM system. Security role cannot be separated with access level & privileges. We can create roles within Microsoft Dynamics CRM and modify or remove these custom roles to fit your business needs. The roles you create for your business unit are inherited by all the business units in the hierarchy. (from MSDN).
There are relationship between role with business unit and role with team. The following table describe for these relation.
| Security role | Description |
| Security role with Business Unit |
|
| Security role with Team |
|
Security roles will be combined together if user/team was assigned many roles
Hierarchy security
It is a new update of Microsoft for offering more granular access to records for an organization and helps to bring the maintenance costs down. You can see more scenarios for it at link and link.
It helps you to more flexible for accessing records in MS CRM, the following are characteristic of it.
- Extended the existing security model
- Can be used conjunction with existing security model.
- Access through Settings – Security – Hierarchy.
Taking advantage of hierarchy security will help you virtualize your security roles with position in your business unit as below image.
Virtualize security roles via Hierarchy security
Hope it will be useful for someone.
Microsoft Dynamic xRM 