Breaking news from around the world
Get the Bing + MSN extension
Now Available in Community - MBAS 2019 Presentation Videos
Catch the most popular sessions on demand and learn how Dynamics 365, Power BI, PowerApps, Microsoft Flow, and Excel are powering major transformations around the globe. | View Gallery
2019 release wave 2 Discover the latest updates to Dynamics 365Release overview guides and videos Release Plan | Early Access Availability
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Talent TechTalks | Upcoming TechTalks
I've written a recent past post around security complexity and the challenges around time it takes to properly implement. Today I wanted to expand on this specifically around security roles themselves because there huge; to anyone just starting there CRM journey it's very complex.
When you look at a fresh organization it already comes with a verity of security roles. These roles are typically for different job titles and it's split by the functionality groups think sales or service etc. This is where people often start modifying to there hearts content without thinking of the impacts of this. First thing we need to understand we have the power of copying out of the box security roles.
The reason I talk about copying roles is that once you've changed the out of the box roles to fit your own they are gone for ever. It's handy to have something to go back and look at over your CRM journey. The second thing to think about is that security roles exist at the business unit level. In the picture above you can see there is a drop down for business units. Your able to select which business unit you want to work on it's security roles for. This means if we are three business units deep from an organizational level this "Account Manager" role will exist in three separate instances of each of those business units. We can make changes independently of the other business unit roles. Ultimately the combination of having security roles separate at each business unit is a high level of customization out of box but it brings complexity. It brings complexity when troubleshooting security issues as well.
Let's actually open a security role and look inside of it.
There is a ton going on; all in the name of flexibility and visibility. Every entity has a wide veriity of settings that are possible. Your' able to control: Create, Read, Write, Delete, Append, Append To, Assign, and Share. Your able to set one of 5 different security permission sets for each of those 7 controls: None Selected, User, Business Unit, Parent: Child Business Units, Organization. Then on top of every entity this exists for we have things like Miscellaneous Privileges which allow for other options within CRM to be completed by the security role.
Take this all in with the idea of if you have multiple security roles assigned to a user they combine allowing for the highest level of access per security roles to be granted. All in all it can be very messy.
Overall I applaud the level of customization we have for security roles and honestly it's been this good since CRM 4.0 but as someone newer to Dynamics CRM 365 it's definitely overwhelming. I'd recommend taking a look at the XRMToolbox as there is a plugin that allows you to view User's security roles as a report made by Jonathan Daugaard.
Here are my big three thoughts around best practices for using Security roles:
Business Applications communities