Skip to main content



No record found.

Microsoft Dynamics CRM forum

Adjust Dynamics CRM security as per business needs

Posted on by 218

Hi Experts,

We have a challenge related to the Dynamics CRM security architecture.

We need to categorize our customers based on which sector they belong to. For example

Education, Health, E-Commerce, Govt, Corporate etc.

We need to have different teams (Education-Team, Health-Team, Ecommerce-Team etc.) responsible for managing each type of customers. Each type of customers should be visible to their respective team of users or their managers only.

In some cases, a customer can belong to more than one sectors (Education, Health etc.), in such cases more than one Teams (Users and Users Managers) will have access to the Customers but we only want to share Customers (nothing else) between the teams, for example we don’t want to share one team’s Opportunities/Quotes/Orders with other another team even if the customer itself is shared.

We also need Top managers to have access to all Customers and related information.


Our recommended solution is to do it through teams. We will require to have two teams per sector, which will be Sector-Customers and Sector-General, for example for Education it will be Education-Customers and Education-General. Users belong to Education-Customers will have access to the Customers and Users belong to Education-General will have access to all other information of the Customer.

Security level will be user based, when a new customer is comes in, he will be owned by a default customer and he will choose the sector of the Customer. Based on the selected Customer’s sectors, the Customer will be shared with respective team. For example, of if the Sector of the customer is Education, the Customer will be shared with Education-Customers Team.

While creating other records for example Opportunities, the user will specify the “Type/Sector” of the Opportunity and the Opportunity will be shared with a team based on Opportunity’s Sector.


Can we have your expert opinion on this structure?

  • Yaqub Ahmad Profile Picture
    Yaqub Ahmad 218 on at
    RE: Adjust Dynamics CRM security as per business needs

    Thanks for your response.

    We have not decided yet about the mechanism of assigning sectors to customers, we will either go with Option Sets (As don't expect too many sectors) or a Lookup (Custom entity).

    Regardless of wither we define different views or same views for all kind of customers, we will handle the data based on security roles/privileges, which means that if the user has enough permissions he will be able to see the records.

    The reason for managing the sector at both Customer and Opportunity level is that a Customer can belong to more than one sectors, a user can also belong to more than one teams (Team-Govt, Team-Education), so it will be hard to automatically populate sector at Opportunity level.

    We are thinking about user level security, so the person who create the Customer will become the owner and then he can share it with  any team by assigning sector to the customer.

    Once the sector is assigned to the customer/Opportunity, we will have a  workflow which will take care of sharing it with relevant teams. Any child records (Activities, Quotes, Orders etc.) will inherit security permissions from its parent (Customer or Opportunity).

  • jtzyou Profile Picture
    jtzyou 5 on at
    RE: Adjust Dynamics CRM security as per business needs


    What mechanism are you using to assign the sectors to the customer? Are you using boolean (excuse me, 'Two option')  fields to do so? Perhaps are you using a lookup to a separate, custom entity (table) where more than one sector can be assigned to a customer?


    Are you defining views based on the sector(s) assigned to the customers? Are you planning on using system views or custom views for this? There are some remaining security questions to consider in this area.


    I'm not really fond of the idea of managing sectors on both accounts and opportunities. This means you'll be managing this in two places instead of just one place. You could conceivably configure the system to 'carry over' the sectors into the opportunity from the account - but this assumes that you'll be creating all opportunities in this fashion - and you'll likely need to control this 'somehow.'


    What mechanism will control the ownership of new customers? I'm a bit confused about how a customer can own another customer. It occurs to me that you mean that there is one person (owner) that will be responsible for assigning the sectors - but this amounts to a single point of failure - so you need to ensure that you have a backup structure in place to prevent all work from stopping.


    In your mind will the assigning of teams be automated once the sector is assigned. Are you planning a workflow, a plug-in, or a workflow enabled plug-in to handle this aspect?



    As a general rule, the suggestion is to either keep security (i.e. visibility of the objects) either locked down completely at the start and then open up specific objects (with a lot of testing) or vice versa - that is, start with security relatively 'loose' and then tighten up (with a lot of testing).


    General feedback

    The scenario seems relatively standard for a sales-process. You'll need to monitor and have the right controls in place to ensure it works correctly. I believe that if this is done correctly, that you'll be successful in the long run. There used to be some concern about overrunning the principaluserobjectaccess when using a mix of teams and users - I'm not certain if this is still the case. Microsoft doesn't seem inclined to discuss this with me - so it remains unclear.

Helpful resources

Quick Links

Replay now available! Dynamics 365 Community Call (CRM Edition)

Catch up on the first D365 Community Call held on 7/10

Community Spotlight of the Month

Kudos to Saurav Dhyani!

Congratulations to the June Top 10 community leaders!

These stars go above and beyond . . .


André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 287,696 Super User

Martin Dráb Profile Picture

Martin Dráb 225,490 Super User

nmaenpaa Profile Picture

nmaenpaa 101,148


Featured topics

Product updates

Dynamics 365 release plans