Understanding Security in Dynamics 365.

 Hello Guys,

In our previous blog we have seen what are teams in Dynamics 365 and how to create teams. Today we are going to understand one of the most important feature of Dynamics 365 i.e. Security.



Do follow us to know more about Dynamics and Power Platform. Also if you like our blog then please comment and share this blog with your friends.

For any organization Security is main concern when it comes to deal with information or data. Once your organization data is secured, you are much relaxed to do more business with new customers. Normally for Security implementation, we create Security Roles in Dynamics 365. Security Roles are a matrix of privileges and access levels for the various entities. They are grouped under different tabs based on their functionality. These group include : Core Records, Marketing, Sales, Service, Business Management, Service Management, Customization and Custom Entities.

When you add a new users into the CRM system, they are not able to access any entity or app. We have to provide them some privileges and access to the apps and entity then only they are able to access.

For example we have created one user named tavleen@******.onmicrosoft.com. Now we are trying to login using this credential.



As you can see we are getting error as this user does not having any privileges or access. 

Before we go into deep about security, we should understand Privileges and Level of access first.

Privileges : - They are the basic security units that defines what action a user can perform in the CRM system. These can not be added or deleted but can be modified. The common privileges available in the CRM System are as follows:

  • Create allows a user to make a new record.
  • Read allows a user to open and view a record.
  • Write allows a user to make changes to a record.
  • Delete allows a user to permanently erase a record.
  • Append allows a user to associate another record to the current record.
  • Append to allows a user to associate the current record to another record.
  • Assign allows a user to give ownership of a record to another user.
  • Share allows a user to grant access to a record to another user.

Level of Access :- This is indicated by the degree of fill and color of the little circles against each entity for each privileges. These level determines the records of an entity upon which the user can perform a given privileges.

  • None allows access to no records.
  • User allows access to the records owned by the user or shared with the user. Also includes the privileges owned by the team to which the user belongs.
  • Business Unit allows privileges for all records owned in the business unit to which the user belong.
  • Parent Child Business Unit allows access to the records owned in the business unit and to the records owned by the Child Business unit.
  • Global or Organization allows access to all records in the organization regardless of who owns it.

Microsoft Dynamics provides three types of security for preventing users to access organization data.

Role Based Security :- It enables you to restrict or allow access to entity using privileges and access levels. For example if we want some users with the security role of Sales Manager to have read, write and delete access to all Account records and some users with the security role of Sales Person to have only read access to all Account records then role based security helps to accomplish this. 

You can also use default security roles provided by Microsoft which are as below: 
  • CEO-Business Manager
  • CSR Manager
  • Customer Service Representative (CSR)
  • Delegate
  • Marketing Manager
  • Marketing Professional
  • Sales Manager
  • Salesperson
  • Schedule Manager
  • Scheduler
  • Support User
  • System Administrator
  • System Customizer
  • Vice President of Marketing
  • Vice President of Sales
You can also customize the existing roles or create new roles but modifying the existing role is not a good practice so we recommend to create a new role by copying existing role and modify it.

Record Based Security :- It allows or restricts access to specific records in the CRM. For example if your user is having access to the Leads records created by own then those records are not accessible by other user. In this situation if we want other user to work on same leads records then they are not able to access it due to privileges. To overcome this problem we can create Record Based Security.
While working with Record Based Security it should be kept in mind that Record Based Security apply after privileges which means if you are sharing the record read access with the user who is not having any read privileges then that user is not able to read the record.

Field Based Security :- It allows or restricts access to specific fields on an entity. For example if we want only a set of users to see specific field on Lead Entity (Annual Revenue for instance) then Field Based Security can hide or display that field based on users.

Now we will see how to assign security roles to the user. We have created two users tavleen@******.onmicrosoft.com and malishka@******.onmicrosoft.com. When these users are trying to login first time they are seeing an error as shown in above image. So now first we will give them some app access roles.

Navigate to Settings and click on Security.




Now click on Users and Select Enabled User View.




As you can see here we have our users and both the users are having different Business Unit. Now select one user and click on Manage Roles and assign roles as shown below.




Do the same for another user.

Now login with both the users and check whether they are able to access sales app.




Below is the Sales Person Security Role.




As you can see Account Entity is having read and create privileges at user level.
which means both the user can not see each other's record. To ensure this we will be creating one account record from both the user.






As you can see both the users are not able to see each other's record. Now we will be adding the both the user in same business unit. 




Now we will change the level of access for read and create for Account entity at BU.




Now we will be refreshing the Account view and will see that both the users are able to see each other's record.




In our upcoming blog we will see how to create new security roles.

Hope it helps...



Comments

Post a Comment

Popular posts from this blog

Read Only Sub Grid & Editable Sub grid in Dynamics 365

Image
Hello Guys, In my previous blogs we have seen Duplicate Detection in Dynamics 365 where we covered how you can use OOB feature of D365 to detect duplicate records. Today we will see how we can implement editable sub grid.  But before if you are new to our blog then do follow us to know more about Dynamics and Power Platform. Also if you like our blog then please comment and share this blog with your friends. In Dynamics CRM we have seen many entities sharing parent child relationships and we can create records of child from the parent page. For example Account and Contact Entity. We can create a new contact entity from the Account Form with the help of Sub Grid control. We can also create sub grid for custom entity and can utilize it in our own way. We will be using Department and Employee Entity for demonstration. Below are the steps: Step 1:- Login to Dynamics 365 with credentials. Step 2:- Click on Advance Settings Gear icon. Navigate to Settings -> Solution -...
Read more

Using Pipelines in Power platform for deploying solutions to environments.

Image
Hello Guys, In our previous  blog   we have seen how to use changesets in PA flow for atomic transactions. Today we will see how we can use Power Platform pipeline for deploying solutions. Do follow us to know more about Dynamics and Power Platform.  Also if you like our blog then please comment and share this blog with your friends. AS a CRM Developer, we need to create and manage solutions for various environment. Once development is done on Dev environment, we are moving the CRM changes by packaging into the solution to next environment like UAT and Production. Previously we were doing the solution movement manually but nowadays we have CICD pipeline in Azure. Now Microsoft has introduced pipelines in Power Platform too. So today we will be exploring the same Pipeline and will see how to deploy solutions in various environment using Power Platform Pipeline.  As you can see in above image, we have three environments like Dev, UAT and Prod. We will be doing some cus...
Read more

Understanding Sales Process in D365.

Image
Hello Guys, In our previous blog we have seen what is Lead and types of leads. Today we are going to understand Sales Process. Do follow us to know more about Dynamics and Power Platform. Also if you like our blog then please comment and share this blog with your friends. Sales Life cycle begins with Lead. Business captures leads through advertising, marketing, trade shows, mailings etc. Whenever organization gets any new lead, Sales Person captures the information of the lead in Lead entity available in Dynamics 365. For creating lead we require only two things, Lead Name and a Topic describing the lead. Once lead creation is completed, Sales Person performs follow up activities by sending emails, appointment and phone calls to collect more information about the lead. Microsoft Dynamics 365 stores these activities in the Activities entity in the system. Leads can be qualified or disqualified. A disqualified lead indicates that the lead is not a good candidate for sales opportunit...
Read more