Hello everyone;

I've been stirring on this topic for a few months now. I often see companies underestimating the amount of time that's needed for security role customization inside of CRM. It's a complex topic as there are many layers to security within Microsoft Dynamics 365. Often security is mismatched until it works with security roles, teams, and business units.

When thinking about security you need to consider the following items:

  • Business Units - Does the company need to use Business Units? This structure will have impacts on security roles to be created later on.
  • Teams - Teams are a robust groupings of users with there own queues and security roles. It's important to pay attention to what security roles are added to the teams.
  • Security Roles - Do the out of the box security roles fit your business roles; if not are you able to clone one and modify to more align to your businesses needs? Do you know exactly what entities (out of box or custom) that need to be used by each role? Did you realize that the security role also drives the navigation and what entities they can see.
  • User Onboarding - Understanding your organizations security system is key to making adding users easy. Knowing if its select this single or multiple security roles or simply adding them to a team. This should be discussed and determined while the implementation is happening so your company knows how to add users themselves.

One of the biggest drivers to managing security properly within Dynamics CRM is that everything is driven off of it's complex security model. Users might have records, charts, dashboards, etc that they can't see because of there security roles. When we run into security issues during development troubleshooting these types of environments become very time consuming.

I hope this makes you ponder a bit more on the security side of things in your existing or next implementation as it's a very important part of every project.