Professional Documents
Culture Documents
81060ae Dyn365 Conf Enus 02
81060ae Dyn365 Conf Enus 02
• Examples:
• Create Contacts
• Read Accounts
• Update Invoices
• Delete Cases
Security Roles: Entity Privileges
Privileges
Common privileges found in each role include:
Privilege Description
Create Can create records of the entity
Read Can read records of the entity
Write Can update data for records of the entity
Delete Can delete records of the entity
Append Can attach this entity to other records
Append To Can attach other records to this entity
Assign Can assign record ownership to other users or teams
Share Can share record with other users or teams
Append vs Append to
• Append: Indicates it can be attached to other records
• Example: Associate activities to other CRM records
• Append to: Indicates it can have other records attached to it
• Example: Account record can have cases, contacts, opportunities, etc.
• Application behavior is a combination of both
Append to Account Append to Account
No Append to on No append Documents Append Documents
Account
User
None
X
None
Organization
Root Business Unit
Parent: Child BU
Support
Business
Projects
Unit
User
None
User
Organization
Root Business Unit
User
None
Business Unit
Organization
Root Business Unit
User
None
Parent: Child BU
Organization
Root Business Unit
User
None
Organization
Organization
Root Business Unit
User
None
Security Roles
• Roles and business units
• Each role must be assigned to a specific business unit.
Root Business
Social Mgr Role
Unit
• Roles created in a business unit are automatically inherited
by each of its “child” business units.
Social Mgr Role Sales
• New roles can be added to any business unit.
• Business units may each contain roles with the same name,
but permissions and access levels may be completely
Social Mgr Role Support
different.
Account
Security Role:
Opportunity
Sales Person
Case
Security Roles: Effect of Multiple Roles
User gets all the privileges of all their roles
Read Write Assign
Account
Security Role:
Opportunity
Baseline for all users
Case
Account
Effective Permissions: Opportunity
Sales Person Case
Security Roles: Layered Approach
Read Write Assign
Account
Security Role:
Opportunity
Baseline for all users
Case
Account
Security Role:
Opportunity
Sales Person
Case
Account
Security Role: Opportunity
Sales Manager Case
Security Roles: Effect of Multiple Roles
User gets all the privileges of all their roles Read Write Assign
Account
Security Role:
Opportunity
Baseline for all users
Case
Account
Effective Permissions: Opportunity
Sales Person Case
Account
Effective Permissions: Opportunity
Sales Manager Case
Security Roles: Non-Layered Approach
Read Write Assign
Account
Security Role:
Opportunity
Baseline for all users
Case
Account
Security Role: Opportunity
Sales Person
OR
Case
Account
Security Role: Opportunity
Sales Manager Case
Module Review
The CRM security model is used to control access to data,
features, and UI elements
Security Roles use a combination of privileges and access
levels to control access
Users can be assign multiple security roles based on the job
requirements.