Microsoft recently announced new features coming out with their next version of Microsoft Dynamics CRM 2015 (previously code named Vega). Check out the Dynamics CRM 2015 Release Preview Guide to see what features are coming with 2015.
Next up for our review are the changes being made to the security model. Note that the functionality below are simply additions to the security model. The previous security of business units, access teams, ownership teams, security roles, etc. will remain in place.
Field Level Security Improvements:
First off we’ll briefly discuss some changes being made for Field Level Security (FLS). FLS will now be available to work off of System Fields. Previously this only was available for Custom Fields
FLS also has extended for additional attribute types such as address fields (out of the box only) and email address fields (custom or out of the box fields).
Now lets review the the new major change to security that’s coming in CRM 2015, the Hierarchical Security Modeling.
Hierarchical Security Modeling
With CRM 2015, Microsoft introduces a new version of security they label Hierarchical Security Modeling. With this security modeling, granular record level access can be granted for an organization without having to create and manage business units.
With the introduction of hierarchical security modeling, Microsoft has moved the Security functionality to its own area of CRM. You can now get to everything security related by going to Settings –> Security (previously this was in the Administration section).
You’ll notice a new Hierarchy Security link on this page as well as a Positions link. If you click on it you’ll notice the following options:
Manager Hierarchy uses the existing Manager field on the System User record. However, with this hierarchical model, you’re required to be in the same Business Unit hierarchy for it to apply successfully. This is why the Position Hierarchy Model was built which we’ll describe below. A good Use Case for the manager model is if a manager needs to take actions upon records their reports have access (for example the report goes on vacation)
Position Hierarchy on the other hand allows you to go across business units. CRM Administrators can and add users to any given position to be included in that position. A good Use Case for the position model is organizations that have a “Sales Team” and “Sales Management” team that span across business units yet these positions should have access to subordinate records.
As stated earlier, Position Hierarchy can be configured where an Administrator can define Positions, define the Parent Positions, and also add users to Positions so that the Position Hierarchy security method is executed to your specific business needs.
It is strongly recommended that Hierarchical Security be used with the other security tools (e.g., security roles, teams, business units, etc.). The Hierarchical Security model does grant additional permissions based on users, managers, and positions:
There are also some performance considerations to keep in mind when enabling hierarchy security:
With all the security methods provided out of the box by Dynamics CRM now with 2015, I can see some organizations with very complex security requirements being easily achievable using native security methods.