Role-based security is handled by security roles, which are basically a grouping of a set of privileges and five access levels. Privileges define which action a user can perform on a specific entity; for example, we can configure whether a user can create an account entity record or not. Access level defines up to what level the user can perform a particular action on a specific entity; for example, if a user can read data created by himself, created under his business unit, from a child business unit of his business unit, or from the organization level.

Record-based security is used to control security for specific entity records using access rights. Access rights work on the basis of privileges only, so an access right will only work if users have appropriate privileges on a specific entity; for example, a user can only access a record that is shared with him if he has read privileges.

Field-level security allows us to control specific field security on the basis of the field level security profile. In field-level security, we can define read, create, and update access to a particular field in which the field level security is enabled. In Microsoft Dynamics CRM 2015 we can enable field-level security for both system and custom fields. We will cover field-level security in detail in a later chapter.

For our training solution application, we are going to use the following three security roles: