Customize Security Roles to Specific Business need in Microsoft Dynamics CRM.

Objective:

?????????????? ?Here is this article we will see what are the Customize Security Roles to Specific Business need in Microsoft Dynamics CRM.

In Microsoft Dynamic CRM we can also create new Security Roles, there are few points which need to consider before creating security roles.

Understand the User Roles:

Begin by analyzing each employee’s role and determining the specific system features and functionalities they require access to. Once you have a clear picture of these responsibilities, you can develop tailored security roles. For example, consider a Sales Manager’s role:

• Create Permissions: A Sales Manager should be able to create new Leads and Accounts.
• Edit and View Permissions: They should have the ability to view and modify existing Leads and Accounts.
• Delete Restrictions: They must not have the capability to permanently delete Leads or Accounts.
• Ownership Restrictions: They should not be allowed to transfer record ownership of Leads or Accounts to other users.

Understanding Privileges and Access Levels:

If you understand the available privileges and corresponding access levels is essential for making informed decisions about permission assignments. This ensures that users only access the data and functions they need. The standard access levels are defined as follows.

None: No privileges are assigned.

User (Basic): Privileges are granted for records owned by the individual user and their team to which the user belongs.

Business Unit (Local): Access is limited to records owned within the users own business unit

Parent (Deep): Permissions extend to records owned by the parent business unit as well as any associated child business units.

Organization (Global): This level provides access to all records across the organization, regardless of who owns them.

While this overview covers the basics, you can delve deeper into each level as needed.

Use the Principle of Least Privilege:

When defining user roles, it’s best to start by granting the minimal permissions necessary for each task. The principle of least privilege means that users receive only the access required to perform their duties, which helps prevent unauthorized access to sensitive system areas and reduces the risk of accidental or intentional data breaches.

Consider using team-based role:

For larger organizations, managing security roles at the team level can be more efficient and practical than handling them individually. Here are some key benefits:

• Streamlined Role Management: When roles are assigned to teams, every member automatically inherits the necessary permissions. This approach simplifies the process of managing users with similar access requirements.
• Enhanced Collaboration: Teams often work together on projects, so granting security roles at the team level ensures that everyone has equal access to the data and functionalities they need, fostering better teamwork.
• Simplified Transitions and Greater Control: As a System Administrator, you can more easily adjust to changes by updating the team’s role rather than modifying each user's security settings individually.

Let us see how to create new Security role in Dynamic 365

Creating a New Security Role in Dynamics 365:

?????????????? Before assigning a security role to a user, you must first create the role in Dynamics 365. Follow these steps.

Creating Security Role:

1.???? In the navigation pane, select Environments and choose the desired environment.

2.???? Click on Power Platform Environment Settings and then select Security.

This process allows you to define new security roles that meet the specific needs of your organization

3. When click on the “Security Role” then following screen will appear.

4. ? Select New. When you click on the “New” button you will see following screen. Here you will enter the name of the security role, select Business Unit and also Members’ privilege inheritance

After filling the above screen and saving it you will be redirected to the following screen to set the appropriate privilege for each of the table (entity).

5. ?? Go to each tab and set the appropriate privileges on each table.

a.???? None: No Privileges given.

b.???? User (Basic): The privilege will be given to the records owned by the user and the team to which the user belongs.

c.????? Business Unit (Local): Privileges to records owned by the business unit to which the user belongs.

d.???? Parent (Deep): Privileges to the records owned by the parent business unit to which the user belongs and the child business units associated with that business unit.

e.???? Organization (Global): Privileges for all records in the organization regardless of who owns it.