|



 



CRM Security
And
General CRM Settings
 2



› Security Model

› How the CRM Security Model Works

› Authentication
› Authorization

› General CRM Settings: Administration

› General CRM Settings: Business Management


 

 ÷
 

Microsoft Dynamics CRM provides you with a security model that protects data integrity and privacy
and supports efficient data access and collaboration. The goals of the model are as follows

› Supports a licensing model for users.

› Provides users with access only to the information that they require to do their jobs

› Categorizes types of users by role and restrict access based on those roles.

› Prevents users from accessing objects that they do not own or share.

› Supports data sharing by providing the ability to grant users with access to objects that they do not
own to participate in a specified collaborative effort.


 

 ² 

2
÷
 
 

The two major aspects of a security model are authentication and authorization.

› i

is the process of determining if a user is who he or she claims to be. Authentication
is accomplished by using a well known Identity (username) and a secret, something only the user
knows (e.g. password). If the user is authenticated, the system grants the user access to the extent
specified in the permission list for that user.

› i 
is the right granted to a user (or group of users) to access the system and the data
stored on it. In other words, the authorization process determines which data a user can access


 

 i


 
Microsoft Dynamics CRM 4.0 supports a variety of authentication methods to accommodate the various CRM
deployment models. Each authentication method is applicable to one or more CRM deployment models, as
shown in the following table


 

 i 

To determine the extent to which users have access to the system and the resources it stores, Microsoft
Dynamics CRM leverages two complementary security mechanisms:

›  

in Microsoft Dynamics CRM focuses on grouping a set of privileges together
that describe the tasks that are performed for a user in a specific job function. The basic concepts of
role-based security include the following:

› ¬sers are assigned one or more roles based on their job function or tasks

› Roles are associated with permissions (privileges and access levels) for the different business
objects (entities)

› ¬sers gain access to entities or groups of entities in the system via membership in a role that
has been assigned the necessary privileges and access levels to perform the usersǯ jobs

› Ú

in Microsoft Dynamics CRM focuses on how users gain access to individual
instances of business objects (entities).


 

  



   in Microsoft Dynamics CRM is based on the interaction of privileges and access
levels, which work together through the use of security roles.

› |  define what actions a user can perform on each entity in Microsoft Dynamics CRM.
Privileges are pre-defined in Microsoft Dynamics CRM and cannot be changed; examples of privileges
include Create, Read, Write, and Delete.

› i
 
indicate which records associated with each entity the user can perform actions upon.
Although default access levels are assigned to each privilege, the access level can be changed


 

  

÷ 
| 

The privileges that apply to most entity types in Microsoft Dynamics CRM are described in the
following table.


 

 

÷ 
i
 

˜



 


   




 
 












 

 
  

 

  












 

   
2
÷
 

Microsoft Dynamics CRM includes a set of pre-defined security roles that reflect common user roles.
Each security role is associated with a set of privileges that determines the user's access to
information within the company.


 

Security Role: Privileges and access levels

The privileges and access levels that are associated with the Customer Service Representative role at
Contoso are shown in the following screenshot


 

Ú
÷ 

Ú 
÷ 
i


Úbject-based security applies to individual instances of entities and is provided by using 

. The relationship between an 


and a   is that access rights apply only
after privileges have taken effect. An access right is granted to a user for a particular entity instance.
The following table describes the access rights that are provided in Microsoft Dynamics CRM 4.0


 

 Ú
÷ 
÷




Ú




÷




Sharing provides the ability for users to allow other users or teams access to specific customer
information, which can be useful for sharing data with users that are assigned to roles that have only
the ¬
access level.
Consider the following example:
› Bob and Ted are both assigned the Salesperson role, which has ¬
Read and Write access to
accounts
› Ted owns Account B and shares Úpportunity 1 with Bob, with Read rights
› Bob can now read Úpportunity 1, but not Account B


 

Ú
÷ 
÷




Ú




2 


Share A user who has share privileges on a given entity type can share
instances of that type with any other user or team in Microsoft Dynamics
CRM.
Share rights To share an entity instance with another user, grant access rights (Read,
Write, Delete, Append, Assign, and Share) to the other user for that entity
instance. Access rights on a shared entity instance can be different for
each user with whom the entity instance is shared. However, you cannot
grant a user rights that he or she would not automatically have for that
type of entity based on the role assigned to that user. For example, when
you share an account with a user that does not have Read privileges on
accounts, the user will not be able to see that account.
Modify share Alter the rights granted to a shared entity instance after it has been
shared.
Remove share When you share an entity instance with another user or team, you can
stop sharing the instance at a later time. After you remove sharing for an
entity instance, the other user or team loses access rights to the instance.


 

Ú
÷ 
i





Ú




i




Anyone with i
privileges on an entity instance can assign that object to another user. When an
entity instance is assigned to a new user.
› The new user becomes the owner of the entity instance and its related entity instances.
› The original user loses ownership of the entity instance but automatically shares it with the new
owner.


 




2
÷

› Administration

› Business Management


 

General CRM Settings: Administration

i


!

An announcement is a message that appears to all users on the home page of the Web application. Announcements are
owned by the organization.
i "!

Contracts, cases, knowledge base articles, quotes, orders, invoices, and marketing campaigns are automatically
numbered by Microsoft Dynamics CRM. Microsoft Dynamics CRM automatically generates unique numbers for
selected record types, such as contracts and cases. If your organization has standard numbering formats, you can
change the default 3-character prefixes, and you can change how the numbers are constructed to match your
organization.

 ¬

A 


  is a unit of the top-level organization. Business units can be parents of other business units (child
business units). The first business unit created for an organization is called the root business.
A business unit basically is a group of users. Large organizations with multiple customer bases often use multiple
business units to control data access and define security roles so that users can access records only in their own
business unit. Here you can Create new business units, Change a parent business unit and Disable a business unit.
÷  
Security roles are predefined groups of common privileges based on the types of tasks users perform.
Defined sets of privileges. The security role assigned to a user determines which tasks the user can perform and which
parts of the user interface the user can view. All users must be assigned at least one security role in order to access the
system


 

General CRM Settings: Administration

÷ !
÷


¬se can use the system setting to do the following settings on

›



Set the options that affect how names and currency are displayed, how records are shared, and if attachments
are allowed.
› M !

Set the regional format for how numbers, currency, time, and dates are displayed.
› !

Set the options that control how e-mail is tracked and managed.
› 


Set the options that control how marketing campaign e-mail features are managed.
› 2 !

Set the prefix for the names of new entities.

› Ú 

Set the options for how users can synchronize with Microsoft Dynamics CRM for Úutlook .
›  

Specify report categories.
˜!

A team is a group of users who share and collaborate on business records. A team can consist of members who all
report to one business unit or members who report to different business units. ). A team cannot be deleted after it is
created. However, you can deactivate a team by removing all the members from the team. To reactivate the team in the
future, just add new members to it.


 

 General CRM Settings: Administration

¬
Manage a ¬ser's Record. ¬se this list to add, edit, enable and disable users ( People who have active user accounts in
Microsoft Dynamics CRM. ) , assign security roles and change business units or managers for a user. You can also
manage a user's working hours for scheduling.
#

¬se this for settings to enable or disable the language


 

General CRM Settings: Business Management

M

Fiscal year options affect the way in which your organization's data is stored in the Microsoft Dynamics CRM database.
Therefore, you can set the fiscal year options only once. You cannot change these settings after you have set them.
M 
$
%!

Facilities and equipment are types of resources i.e. ¬sers that perform a service, or the equipment or facilities that
are required for a service. used to create selection rules for services.
 

 
¬se resource groups to group users, and equipment as part of the selection rules for a service .
÷
A service is a type of work performed for a customer by one or more resources. Services are schedulable activities. It
is used as part of a service .A service activity uses one or more resources to perform a service at a specific time and
place.
÷
Subjects are the Categories used in a hierarchical list to correlate and organize information. Subjects are used in the
subject tree to organize products, sales literature, and knowledge base articles. They are used in cases, sales literature,
products, and articles.
2

Currencies determine the prices for products in the product catalog and the cost of transactions, such as sales orders.
You can add as many currencies as are necessary for your organization, but you cannot change the base currency after
it has been set.


 

General CRM Settings: Business Management

÷
The site is a business location to which resources are assigned. A site is used to ensure that all resources required for
a service are in the same physical location. It determines where a can be provided. Sites are used for service
scheduling.
÷ 
˜ 
A segment of an organization's market that is assigned to a salesperson or a group of salespeople. You can assign one
sales territory per user.
&
Holding containers for activities that need to be completed. There are queues that contain cases and activities in the
Workplace, and queues of articles in the knowledge base. There are two standard queues 

|  and i
.


2 
A period of time that the entire business is closed and service activities cannot be made. You can use a business
closure to block when someone can schedule an appointment or service.
 

 
Relationship roles represent standard labels that can be used to identify relationships that exist between accounts,
contacts, and opportunities.

