Thursday, May 14, 2020

Security and Access Permission in Dynamic 365 CRM


Microsoft Dynamics CRM security model is composed of business units, access level and privilege level which provide data integrity and privacy and supports efficient data access, teamwork, and collaboration.

Organization and Business Structures

There are three primary entities within the organization. These are users, teams, and business units.
Users represent people who use the Microsoft Dynamics CRM application.
Teams are arbitrary groups of users created and defined by a user in an organization.
Business units are the structural units of an organization. They are the primary container entity within the organizational hierarchy. It is the business unit structure that determines and defines the concepts of access level (defined later).



Organization Hierarchy Example






Example to understand Access Level














Access Level in MS CRM


Organization. This access level exposes to a user all entity instances within the organization, regardless of the business unit hierarchical level to which the instance or the user belongs.
Because this access level gives access to information throughout the organization, it should be restricted to match the organization's data security plan.

This level of access is usually reserved for managers with authority over the organization.

Parent: Child Business Units. This access level exposes to a user entity instances in the user's business unit and all business units subordinate to the user's business unit.
This level of access is usually reserved for managers with authority over the business units.

Business Unit. This access level exposes to a user entity instances in the user's business unit.
This level of access is usually reserved for managers with authority over single business unit only.
User. This access level exposes to a user entity instances he or she owns, objects that are shared with the user, and objects that are shared with a team of which the user is a member.
This is the typical level of access for sales and service representatives.
None Selected. None.



Privilege Level in Dynamic 365 CRM





Definition of Privilege Level


Privilege
Description
Create
Create a record.
Read
View a record.
Write
Make changes to a record.
Delete
Delete a record.
Append
Associate a record to another record.
Append To
Associate entity record to this record.
Assign
Transfer record ownership to another user.
Share
Give access to a record to another user while keeping your own access.
Re-parent
Assign a different parent to entity record.



No comments: