Microsoft CRM provides us the OOB security model that helps us to prevent unauthorized access to our data. We can enforce security in Microsoft CRM using security roles. A security role is a combination of different privileges and access levels.
- Privileges: These are actions such as Create, Write, Delete, Read, Append, Append To, Assign, Share, and Reparent that a Microsoft CRM user can perform on entities. The list of the actions performed is as follows:
- Create: This action is used to create an entity record
- Read: This action is used to read an entity record
- Write: This action is used to modify an entity record
- Delete: This action is used to delete an entity record
- Append: This action is used to relate one entity record to another entity record
- Append To: This action is used to relate other entity records to the current entity record
- Share: This action is used to share an entity record with another user
- Reparent: This action is used to assign a different owner to an entity record
- Access level: This defines on which entity record a Microsoft CRM user can perform actions defined by privileges. We have the following actions under access levels:
- Organization: This action is used to provide access to all records in an organization
- Parent-child Business Unit: This action is used to provide access to all the records in the user's business unit as well as in all child business units of the user's business unit
- Business: This action is used to provide access to all records in the user's business unit
- User: This action allows the user to access records created by him/her, or shared with him/her, or shared with his/her team
We must assign at least one security role to access Microsoft CRM applications. Microsoft CRM provides us with 14 OOB security roles that can be customized based on our requirements. The following diagram is the security-role hierarchy that we have identified for the Employee Management System:
The blocks in the preceding diagram can be explained as follows:
- HR Manager: This role will have access to all information for an employee in the ERMS system
- Recruiter: This role will not have access to information about offered packages to an employee
- System Administrator: This role will have administrative privileges and will be responsible for customizing and maintaining ERMS
We will be customizing the existing security roles for our ERMS. The following table shows the security role mapping that we be will using:
|
Microsoft CRM Security Role |
ERMS Security Role |
|---|---|
|
Sales Manager |
Manager |
|
Salesperson |
Recruiter |
|
System Administrator |
System Administrator |
We need to use the following steps to customize the existing security role:
- Navigation to Setting | Administration | Security Roles.
- Double-click on the Sales Manager role to open it in edit mode.
- Change Role Name to
Manager. - Click on Save and then on Close.
- Follow the same steps to change the name of the Sales Person role to
Recruiter.
Once we have changed the security role name, we need to configure the Security Manager and Recruiter roles to remove unnecessary privileges. Follow the ensuing instructions to configure the Manager Security role:
- Navigate to the Core Records tab in the Manager Security role.
- Clear all privileges from the Opportunity and Document location entities.
- Navigate to the Marketing tab and clear all privileges from the Campaign and Marketing list entities.
- Navigate to the Sales tab and clear all privileges from all sales module entities, as shown in the following screenshot:
- Navigate to the Service tab and clear all privileges from all service module entities.
- Click on Save and Close.
Follow all the preceding steps to remove the same privileges from the Recruiter role as well.