Mapping the Basic User to Security Role Settings - Suggestions - Microsoft Lystavlen - the Online display board - Site Home

In Dynamics CRM we have three types of User Subscription Licenses (USLs); Professional, Basic, and Essential

Professional users has full rights to 'everything' in CRM
Essential users has rights to custom entities primarily
Basic users sits sort of in-between, in terms of use rights

Note - A fourth USL (Enterprise) is available. Its equivalent to Professional plus Dynamics Marketing, Social Care (specific markets) and Unified Service Desk.

Each of the above licenses has a different price point; if Professional is 4X then Basic is approximately 2X, and Essential is X. Hence its often of interest to the customer to 'get the right mix' between Professional and Basic users, ending up with the optimal average price point.

The Basic user has full access to eg the Account, Contact, Lead, and Case entitites, but have read only/limited use rights to certain entities, eg. Opportunities. Using the Security Role settings in Dynamics CRM you can control what a user can access. Hence mapping the two - the Use Rights of the Basic user to the available Security Role settings - is interesting.

Use Rights for the Basic USL

Appendix A in the "Licensing and Pricing Guide, June 2014" maps CRM Online Use Rights to the Pro, Basic and Essential USL's.

Security Roles

A security role in Dynamics CRM defines how different users, such as salespeople, access different types of records. To control access to data, you can modify existing security roles, create new security roles, or change which security roles are assigned to each user. Each user can have multiple security roles.

To access the security roles click Settings -> Administration -> Security Roles

In the "New Security Role" dialog you can control what a user with that new role can do in CRM using the various tabs and settings (priveleges and scope) in the dialog.

The tabs are

Core Records
Marketing
Sales
Service
Business Management
Service Management
Customizations
Custom Entities

The access right/priveleges are

Create - create a record
Read - read a record
Write - make changes to a record
Delete - delete a record
Append - associate a record to another record
Append To - associate entity record to this record
Share - give access to a record to another user while keeping your own access
Reparent - assign a different parent to entity record

The scopes are

None Selected = No access is allowed
User = This access level gives a user access to records he or she owns, objects that are shared with the user, and objects that are shared with a team of which the user is a member
Business Unit = This access level gives a user access to records in the user's business unit
Parent: Child Business Unit = This access level gives a user access to records in the user's business unit and all business units subordinate to the user's business unit
Organisation = This access level gives a user access to all records within the organization, regardless of the business unit hierarchical level to which the instance or the user belongs

Mapping Use Rights to Security Role settings for the Basic USL

In the table below I've taken the first steps trying to map the Basic USL to CRM Security Role settings. Please note: the below table is a my personal suggestion and by no means authoritive.

The tab has six columns:

"Appendix A - Subject" = The left most column ("Use Rights" in the Appendix A above, sorted alphabetically
"Basic" = Appendix A - Basic User Use Rights (1=Full, 0=None)
"Focus" = What I consider being the deciding context
"USL" = Lists if Basic user has Full or Read access to the entity to the left (the "Focus" Column) according to the simple chart (an interpretation of Figure 5 in the Licensing and Pricing Guide)
"Security Tab" - name of the tab in CRM Security Roles where the setting is to be done
"Security Setting(s) - suggested" = which settings I suggest you look at on the tab

Appendix A: Subject	Basic	Focus	USL	Security Tab	Security: Setting(s) - suggested
Accounts	1	Accounts		Core	Account
Activity Management	1	Activities		Core	Activity
Add or remove a Customer for an Account	1	Customer Relationship		Core	Customer Relationship
Add or remove a Customer Relationship for a Contact	1	Customer Relationship		Core	Customer Relationship
Advanced Find Search	1	Search
Associate an Opportunity with a Contact	1	Contacts	Full	Core	Opportunity = Append, Contact = Append To
Associate an Opporturity with an Account	1	Accounts	Full	Core	Opportunity = Append, Account = Append To
Case Management	1	Cases	Full	Service	Case
Contacts	1	Contacts	Full	Core	Contact
Convert an Activity to a Case	1	Cases	Full	Service	Case = (Create)
Create and Update Announcements	1	Announcements		Core	Announcement
Create personal views	1	Views - Personal		Customization	View = (Create)
Create, Update, Customize Reports	1	Reports		Core	Report
Export data to Microsoft ExceI	1	Data - Export		Business Management	Export to Excel
Follow Activity Feeds	1	Follow		Core	Follow
Lead Capture	1	Leads	Full	Core	Lead
Lead scoring, routing and assignment	1	Leads
Manage Saved Views	1	Views - Saved		Core	Saved Views
Manage user reports, user charts, and user dashboards	1	Reports, Charts, Dashboards - User	Full	Core	Report, User Chart, User Dashboard
Microsoft CRM for Outlook	1	Client UI		Business Management	Sync to Outlook, Go Offline in Outlook
Microsoft CRM Web application	1	Client UI
Microsoft Dynamics CRM for iPad & Windows 8	1	Client UI		Business Management	Use CRM for Tablets
Microsoft Dynamics CRM Mobile Express	1	Client UI
Notes	1	Notes	Full	Core	Note
Perform Mail Merge	1	Mail Merge		Business Management	Mail Merge, Web Mail Merge, (Core:Mail Merge Template)
Post Activity Feeds	1	Post	Full	Core	Post
Qualify and Convert a Lead to a Contact	1	Contacts	Full	Core	At least WRITE on Lead as well as CREATE & WRITE on Contact
Qualify and Covert a Lead to an Account	1	Accounts	Full	Core	At least WRITE on Lead as well as CREATE & WRITE on Account
Read Articles	1	Articles		Service	Article = (Read)
Read Custom Application Data	1	Data - Custom			Customization:User Application Metadata
Read Dynamics CRM Application Data	1	Data - CRM Application	Read		Core:Application File, Customization:System Application Metadata
Run an automated workflow	1	Workflows - Automated		Customization	Execute Workflow Job
Run as an On-demand Process	1	Processes (Workflows)		Customization	Process, Execute Workflow Job
Run Reports	1	Reports		Core	Report
Search	1	Search
Shared Calendar	1	Calendar - Shared		Service Management	Calendar
SLAs	1	SLAs		Service Management	SLA
Start Dialog	1	Dialogs		Customization	Execute Workflow Job
Use a Queue item	1	Queues		Core	Queue:Write
Use Relationships between Records	1	Relationships		Core	Relationship Role
User Charts	1	Charts - User		Core	User Chart
User Dashboards	1	Dashboard - User		Core	User Dashboard
User Interface Integration for Microsoft Dynamics CRM	1
View Announcements	1	Announcements		Core	Announcement
Write Custom Entity Records	1	Entities - Custom		Customization	Entity = (Write)
Yammer Collaboration	1	Yammer			Customization:Configure Yammer
Administer CRM	0	CRM
Article Templates	0	Articles - Templates		Service	Article Templates = No
Competitor Tracking	0	Competitors	Read	Sales	Competitor = Read
Configure Auditing	0	Auditing		Core	Delete Audit Partitions = No, View Audit History, View Audit Partitions, View Audit Summary
Configure Duplicate-Detection Rules	0	Duplicate-detection rules		Core	Duplicated Detection Rule = No
Configure SLA Policies	0	SLA Policies		?
Contract Management	0	Contracts	Read	Service	Contract = (Read)
Contract Templates	0	Contracts - Templates		Service	Contract Template = No
Convert an Activity to an Opporturity	0	Opportunities	Read	Core	Opportunities = (Read)
Create and Publish Articles	0	Articles		Service	Create = No, Publish Articles = No
Create CRM Forms, Entities, Fields	0	Forms, entities, fields		Customization	Entity = (NOT Create), Field = (NOT Create)
Customize Forms and Views	0	Forms, Views		Customization	System Form = No
Define and Configure Business Units	0	Business Units		Business Management	Business Unit = No, Enable or Disable a Business Unit, Reparent Business Unit
Define and Configure Dialogs	0	Dialogs		Customization	Activate Real-time Processes = No, Activate Business Rules = No
Define and Configure Queues	0	Queues		Core	Queue/Create = No
Define and Configure Workflows	0	Workflows		Customization	Activate Business Process Flows = No, Activate Real-time Processes = No, Activate Business Rules = No
Define and Configure Services, Resources, and Work Hours	0	Services, Resources, and Work Hours	Read	?
Define and Configure Teams	0	Teams		Business Management	Team = No
Define Relationships Entities	0	Relationships		Core?	Relationship Role, Opportunity Relationship, Customer Relationship
Facility/Equipment Management	0	Facilities, Equipment	Read	Service Management	Facility/Equipment = No
Goal Management	0	Goals	Read	Business Management	Goal = No, Goal Metric = No, Perform in sync rollups on goals = No
Import Data in Bulk	0	Data - import - Bulk		Core	Data Import = No
Invoice Management	0	Invoices	Read	Sales	Invoice = No, Override Invoice Pricing = No, Override Quote Order Invoice Delete = No
Marketing Campaigns	0	Marketing campaigns	Read	Marketing	Campaign = No, Create Quick Campaign = No
Marketing Lists	0	Marketing lists	Read	Marketing	Marketing List = No
Opporturity Tracking	0	Opportunities	Read	Core	Opportunities = Read
Order Management	0	Orders	Read	Sales	Order = No (or Read)
Price Lists	0	Price lists	Read	Service?
Product Tracking	0	Products	Read	Sales	Product
Qualify and Convert a Lead to an Opporturity	0	Opportunities	Read	Core	Opportunities = (Read)
Quick Campaigns	0	Quick campaigns	Read	Marketing	Create Quick Campaign = No
Quote Management	0	Quotes	Read	Sales	Quote = (Read)
Sales literature	0	Sales literature		Sales	Sales literature = No
System Reports, System Charts, System Dashboards	0	Reports, Charts, Dashboards - System	Read	Customization	System Chart = No
Territory management	0	Territories		Sales	Territory = No (Business Management:Assign Territory to User)

See also

Create or edit a security role - link
CRM Online Service Description - http://technet.microsoft.com/en-us/library/microsoft-dynamics-crm-online-service-description.aspx

hassan sayed issa20014

23 Jul 2014 9:30 AM

thank you

Kofod

4 Aug 2014 9:48 PM

Is these different user rights and Price points also applicabel to CRM on prem?

Jesper_Osgaard

5 Aug 2014 7:34 AM

http://download.microsoft.com/download/3/E/5/3E5F721D-69F4-4398-9E25-A47F81777031/MicrosoftDynamicsCRM2013On-PremisesLicensingGuide(CustomerReady).pdf

RecepYUKSEL

5 Aug 2014 9:08 AM

Thank you very much Jesper.

Optevia Steve

9 Aug 2014 12:54 PM

Really useful post jesper, but i thought the Enterprise licence was available outside of the US as well?

Ed (DareDevil57)

15 Aug 2014 8:45 AM

Thank you

Daniel

2 Sep 2014 4:31 PM

Thanks Jesper. A (maybe dumb) question, if access is NOT restricted by security roles, could a basic user theoretically use all the functionality? in other words, access is not restricted inherently by the USL?

Jason

1 Oct 2014 6:14 PM

If I were to purchase ESS CALs, would they show up as an option in the user License Type drop down? I only see Full and Limited as options.

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Microsoft Lystavlen - the Online display board

Mapping the Basic User to Security Role Settings - Suggestions

Mapping the Basic User to Security Role Settings - Suggestions