security crm 2

8/9/2019 Security CRM 2

1/21

Proteans Software Solutions

CRM Security

And

General CRM Settings


2/21

www.proteans.com

ContentsContents

Security Model

How the CRM Security Model Works

Authentication

Authorization

General CRM Settings: Administration

General CRM Settings: Business Management


3/21

www.proteans.com

Security ModelSecurity Model

Microsoft Dynamics CRM provides you with a security model that protects data integrity and privacyand supports efficient data access and collaboration. The goals of the model are as follows

Supports a licensing model for users.

Provides users with access only to the information that they require to do their jobs

Categorizes types of users by role and restrict access based on those roles.

Prevents users from accessing objects that they do not own or share.

Supports data sharing by providing the ability to grant users with access to objects that they do not

own to participate in a specified collaborative effort.


4/21

www.proteans.com

How the CRM Security Model WorksHow the CRM Security Model Works

The two major aspects of a security model are authentication and authorization.

Authentication is the process of determining if a user is who he or she claims to be. Authentication

is accomplished by using a well known Identity (username) and a secret, something only the user

knows (e.g. password). If the user is authenticated, the system grants the user access to the extent

specified in the permission list for that user.

Authorization is the right granted to a user (or group of users) to access the system and the datastored on it. In other words, the authorization process determines which data a user can access


5/21

www.proteans.com

Authentication MethodsAuthentication Methods

Microsoft Dynamics CRM 4.0 supports a variety of authentication methods to accommodate the various CRM

deployment models. Each authentication method is applicable to one or more CRM deployment models, as

shown in the following table


6/21

www.proteans.com

AuthorizationAuthorization

To determine the extent to which users have access to the system and the resources it stores, MicrosoftDynamics CRM leverages two complementary security mechanisms:

Role-based security in Microsoft Dynamics CRM focuses on grouping a set of privileges together

that describe the tasks that are performed for a user in a specific job function. The basic concepts of

role-based security include the following:

Users are assigned one or more roles based on their job function or tasks

Roles are associated with permissions (privileges and access levels) for the different business

objects (entities)

Users gain access to entities or groups of entities in the system via membership in a role that

has been assigned the necessary privileges and access levels to perform the users jobs

Object-based security in Microsoft Dynamics CRM focuses on how users gain access to individual

instances of business objects (entities).


7/21

www.proteans.com

RoleRole--based securitybased security

Role-based security in Microsoft Dynamics CRM is based on the interaction of privileges and access

levels, which work together through the use of security roles.

Privileges define what actions a user can perform on each entity in Microsoft Dynamics CRM.

Privileges are pre-defined in Microsoft Dynamics CRM and cannot be changed; examples of privileges

include Create, Read, Write, and Delete.

Access levels indicate which records associated with each entity the user can perform actions upon.

Although default access levels are assigned to each privilege, the access level can be changed


8/21

www.proteans.com

Roles Based Security: PrivilegesRoles Based Security: Privileges

The privileges that apply to most entity types in Microsoft Dynamics CRM are described in thefollowing table.


9/21

www.proteans.com

Roles Based Security: Access levelsRoles Based Security: Access levels

The access level associated with a privilege determines (for a given entity type) the levels withinthe organizational hierarchy at which a user belonging to a specific role can act on that type of

entity.


10/21

www.proteans.com

Microsoft CRM Security RolesMicrosoft CRM Security Roles

Microsoft Dynamics CRM includes a set of pre-defined security roles that reflect common user roles.Each security role is associated with a set of privileges that determines the user's access to

information within the company.


11/21

www.proteans.com

Security Role: Privileges and access levelsSecurity Role: Privileges and access levels

The privileges and access levels that are associated with the Customer Service Representative role atContoso are shown in the following screenshot


12/21

www.proteans.com

ObjectObject--based Security:based Security: Access Rights

Object-based security applies to individual instances of entities and is provided by using accessrights. The relationship between an access rightand a privilege is that access rights apply only

after privileges have taken effect. An access right is granted to a user for a particular entity instance.

The following table describes the access rights that are provided in Microsoft Dynamics CRM 4.0


13/21

www.proteans.com

ObjectObject--based Security: Sharing Entitybased Security: Sharing Entity

InstancesInstances

Sharing Entity

Sharing provides the ability for users to allow other users or teams access to specific customer

information, which can be useful for sharing data with users that are assigned to roles that have only

the User access level.

Consider the following example:

Bob and Ted are both assigned the Salesperson role, which has User Read and Write access to

accounts

Ted owns Account B and shares Opportunity 1 with Bob, with Read rights Bob can now read Opportunity 1, but not Account B


14/21

www.proteans.com

ObjectObject--based Security: Sharing Entitybased Security: Sharing Entity

InstancesInstances

Capability Description

Share A user who has share privileges on a given entity type can share

instances of that type with any other user or team in Microsoft Dynamics

CRM.

Share rights To share an entity instance with another user, grant access rights (Read,

Write, Delete, Append, Assign, and Share) to the other user for that entity

instance. Access rights on a shared entity instance can be different foreach user with whom the entity instance is shared. However, you cannot

grant a user rights that he or she would not automatically have for that

type of entity based on the role assigned to that user. For example, when

you share an account with a user that does not have Read privileges on

accounts, the user will not be able to see that account.

Modify share Alter the rights granted to a shared entity instance after it has been

shared.

Remove share When you share an entity instance with another user or team, you can

stop sharing the instance at a later time. After you remove sharing for an

entity instance, the other user or team loses access rights to the instance.


15/21

www.proteans.com

ObjectObject--based Security: Assigning Entitybased Security: Assigning Entity

InstancesInstances

Assigning Entity

Anyone with Assign privileges on an entity instance can assign that object to another user. When an

entity instance is assigned to a new user.

The new user becomes the owner of the entity instance and its related entity instances.

The original user loses ownership of the entity instance but automatically shares it with the new

owner.


16/21

www.proteans.com

General CRM SettingsGeneral CRM Settings

Administration

Business Management


17/21

www.proteans.com

General CRM Settings: AdministrationGeneral CRM Settings: Administration

AnnouncementAn announcement is a message that appears to all users on the home page of the Web application. Announcements are

owned by the organization.

Auto-Numbering

Contracts, cases, knowledge base articles, quotes, orders, invoices, and marketing campaigns are automatically

numbered by Microsoft Dynamics CRM. Microsoft Dynamics CRM automatically generates unique numbers for

selected record types, such as contracts and cases. If your organization has standard numbering formats, you can

change the default 3-character prefixes, and you can change how the numbers are constructed to match your

organization.BusinessUnits

A business unitis a unit of the top-level organization. Business units can be parents of other business units (child

business units). The first business unit created for an organization is called the root business.

A business unit basically is a group of users. Large organizations with multiple customer bases often use multiple

business units to control data access and define security roles so that users can access records only in their own

business unit. Here you can Create new business units, Change a parent business unit and Disable a business unit.

Security Roles

Security roles are predefined groups of common privileges based on the types of tasks users perform.Defined sets of privileges. The security role assigned to a user determines which tasks the user can perform and which

parts of the user interface the user can view. All users must be assigned at least one security role in order to access the

system


18/21

www.proteans.com


System SettingsUse can use the system setting to do the following settings on

General

Set the options that affect how names and currency are displayed, how records are shared, and if attachments

are allowed.

Formats

Set the regional format for how numbers, currency, time, and dates are displayed.

E-mail

Set the options that control how e-mail is tracked and managed. Marketing

Set the options that control how marketing campaign e-mail features are managed.

Customization

Set the prefix for the names of new entities.

Outlook

Set the options for how users can synchronize with Microsoft Dynamics CRM for Outlook .

Reporting

Specify report categories.

Team

A team is a group of users who share and collaborate on business records. A team can consist of members who all

report to one business unit or members who report to different business units. ). A team cannot be deleted after it is

created. However, you can deactivate a team by removing all the members from the team. To reactivate the team in the

future, just add new members to it.


19/21

www.proteans.com


UsersManage a User's Record.Use this list to add, edit, enable and disable users ( People who have active user accounts in

Microsoft Dynamics CRM. ) , assign security roles and change business units or managers for a user. You can also

manage a user's working hours for scheduling.

Languages

Use this for settings to enable or disable the language


20/21

www.proteans.com

General CRM Settings: Business ManagementGeneral CRM Settings: Business Management

Fiscal yearFiscal year options affect the way in which your organization's data is stored in the Microsoft Dynamics CRM database.

Therefore, you can set the fiscal year options only once. You cannot change these settings after you have set them.

Facilities / Equipment

Facilities and equipment are types of resources i.e.Users that perform a service, or the equipment or facilities that

are required for a service. used to create selection rules for services.

Resource Groups

Use resource groups to group users, and equipment as part of the selection rules for a service .

Services

A service is a type of work performed for a customer by one or more resources. Services are schedulable activities. It

is used as part of a service .A service activity uses one or more resources to perform a service at a specific time and

place.

Subjects

Subjects are the Categories used in a hierarchical list to correlate and organize information. Subjects are used in the

subject tree to organize products, sales literature, and knowledge base articles. They are used in cases, sales literature,

products, and articles.

Currencies

Currencies determine the prices for products in the product catalog and the cost of transactions, such as sales orders.

You can add as many currencies as are necessary for your organization, but you cannot change the base currency after

it has been set.


21/21

www.proteans.com

General CRM Settings: Business ManagementGeneral CRM Settings: Business Management

SitesThe site is a business location to which resources are assigned. A site is used to ensure that all resources required for

a service are in the same physical location. It determines where a can be provided. Sites are used for service

scheduling.

Sales Territories

A segment of an organization's market that is assigned to a salesperson or a group of salespeople. You can assign one

sales territory per user.

Queues

Holding containers for activities that need to be completed. There are queues that contain cases and activities in the

Workplace, and queues of articles in the knowledge base. There are two standard queues In Progress and Assigned.

Business Closures

A period of time that the entire business is closed and service activities cannot be made. You can use a business

closure to block when someone can schedule an appointment or service.

Relationship Roles

Relationship roles represent standard labels that can be used to identify relationships that exist between accounts,

contacts, and opportunities.

security crm 2

Documents