Microsoft Lystavlen - the Online display board

Lystavlen is the danish word for 'the display board'. This blog is all about sharing the beauty of Microsoft Online Services

Mapping the Basic User to Security Role Settings - Suggestions

Mapping the Basic User to Security Role Settings - Suggestions

  • Comments 9
  • Likes

In Dynamics CRM we have three types of User Subscription Licenses (USLs); Professional, Basic, and Essential

  1. Professional users has full rights to 'everything' in CRM
  2. Essential users has rights to custom entities primarily
  3. Basic users sits sort of in-between, in terms of use rights

Note - A fourth USL (Enterprise) is available. Its equivalent to Professional plus Dynamics Marketing, Social Care (specific markets) and Unified Service Desk.

Each of the above licenses has a different price point; if Professional is 4X then Basic is approximately 2X, and Essential is X. Hence its often of interest to the customer to 'get the right mix' between Professional and Basic users, ending up with the optimal average price point.

The Basic user has full access to eg the Account, Contact, Lead, and Case entitites, but have read only/limited use rights to certain entities, eg. Opportunities. Using the Security Role settings in Dynamics CRM you can control what a user can access. Hence mapping the two - the Use Rights of the Basic user to the available Security Role settings - is interesting.

Use Rights for the Basic USL

Appendix A in the "Licensing and Pricing Guide, June 2014" maps CRM Online Use Rights to the Pro, Basic and Essential USL's. 

Security Roles

A security role in Dynamics CRM defines how different users, such as salespeople, access different types of records. To control access to data, you can modify existing security roles, create new security roles, or change which security roles are assigned to each user. Each user can have multiple security roles.

To access the security roles click Settings -> Administration -> Security Roles

In the "New Security Role" dialog you can control what a user with that new role can do in CRM using the various tabs and settings (priveleges and scope) in the dialog.

The tabs are

  • Core Records
  • Marketing
  • Sales
  • Service
  • Business Management
  • Service Management
  • Customizations
  • Custom Entities

The access right/priveleges are

  • Create - create a record
  • Read - read a record
  • Write - make changes to a record
  • Delete - delete a record
  • Append - associate a record to another record
  • Append To - associate entity record to this record
  • Share - give access to a record to another user while keeping your own access
  • Reparent - assign a different parent to entity record

The scopes are

  • None Selected = No access is allowed
  • User = This access level gives a user access to records he or she owns, objects that are shared with the user, and objects that are shared with a team of which the user is a member
  • Business Unit = This access level gives a user access to records in the user's business unit
  • Parent: Child Business Unit = This access level gives a user access to records in the user's business unit and all business units subordinate to the user's business unit
  • Organisation = This access level gives a user access to all records within the organization, regardless of the business unit hierarchical level to which the instance or the user belongs

Mapping Use Rights to Security Role settings for the Basic USL

In the table below I've taken the first steps trying to map the Basic USL to CRM Security Role settings. Please note: the below table is a my personal suggestion and by no means authoritive.

The tab has six columns:

  1. "Appendix A - Subject" = The left most column ("Use Rights" in the Appendix A above, sorted alphabetically
  2. "Basic"  = Appendix A - Basic User Use Rights (1=Full, 0=None)
  3. "Focus" = What I consider being the deciding context
  4. "USL" = Lists if Basic user has Full or Read access to the entity to the left (the "Focus" Column) according to the simple chart (an interpretation of Figure 5 in the Licensing and Pricing Guide)
  5. "Security Tab" - name of the tab in CRM Security Roles where the setting is to be done
  6. "Security Setting(s) - suggested" = which settings I suggest you look at on the tab

 

Appendix A: Subject

Basic

Focus

USL

Security Tab

Security: Setting(s)  - suggested

Accounts

1

Accounts

 

Core

Account

Activity Management

1

Activities

 

Core

Activity

Add or remove a Customer
for an Account

1

Customer Relationship

Core

Customer Relationship

Add or remove a Customer Relationship for a Contact

1

Customer Relationship

 

Core

Customer Relationship

Advanced Find Search

1

Search

 

Associate an Opportunity
with a Contact

1

Contacts

Full

Core

Opportunity = Append,
Contact = Append To

Associate an Opporturity
with an Account

1

Accounts

Full

Core

Opportunity = Append,
Account = Append To

Case Management

1

Cases

Full

Service

Case

Contacts

1

Contacts

Full

Core

Contact

Convert an Activity to a Case

1

Cases

Full

Service

Case = (Create)

Create and Update Announcements

1

Announcements

 

Core

Announcement

Create personal views

1

Views - Personal

 

Customization

View = (Create)

Create, Update, Customize Reports

1

Reports

 

Core

Report

Export data to Microsoft ExceI

1

Data - Export

 

Business Management

Export to Excel

Follow Activity Feeds

1

Follow

 

Core

Follow

Lead Capture

1

Leads

Full

Core

Lead

Lead scoring, routing and assignment

1

Leads

 

Manage Saved Views

1

Views - Saved

 

Core

Saved Views

Manage user reports,
user charts,
and user dashboards

1

Reports, Charts, Dashboards - User

Full

Core

Report,
User Chart,
User Dashboard

Microsoft CRM for Outlook

1

Client UI

 

Business Management

Sync to Outlook,
Go Offline in Outlook

Microsoft CRM Web application

1

Client UI

 

Microsoft Dynamics CRM
for iPad & Windows 8

1

Client UI

 

Business Management

Use CRM for Tablets

Microsoft Dynamics CRM
Mobile Express

1

Client UI

 

Notes

1

Notes

Full

Core

Note

Perform Mail Merge

1

Mail Merge

 

Business Management

Mail Merge,
Web Mail Merge,
(Core:Mail Merge Template)

Post Activity Feeds

1

Post

Full

Core

Post

Qualify and Convert a
Lead to a Contact

1

Contacts

Full

Core

At least WRITE on Lead as well as CREATE & WRITE on Contact

Qualify and Covert a
Lead to an Account

1

Accounts

 Full

Core

At least WRITE on Lead as well as CREATE & WRITE on Account

Read Articles

1

Articles

 

Service

Article = (Read)

Read Custom Application Data

1

Data - Custom

 

Customization:User Application Metadata

Read Dynamics CRM
Application Data

1

Data - CRM Application

Read

 

Core:Application File,
Customization:System Application Metadata

Run an automated workflow

1

Workflows - Automated

 

Customization

Execute Workflow Job

Run as an On-demand Process

1

Processes (Workflows)

 

Customization

Process,
Execute Workflow Job

Run Reports

1

Reports

 

Core

Report

Search

1

Search

 

Shared Calendar

1

Calendar - Shared

 

Service Management

Calendar

SLAs

1

SLAs

 

Service Management

SLA

Start Dialog

1

Dialogs

 

Customization

Execute Workflow Job

Use a Queue item

1

Queues

 

Core

Queue:Write

Use Relationships between Records

1

Relationships

 

Core

Relationship Role

User Charts

1

Charts - User

 

Core

User Chart

User Dashboards

1

Dashboard - User

 

Core

User Dashboard

User Interface Integration for Microsoft Dynamics CRM

1

 

View Announcements

1

Announcements

 

Core

Announcement

Write Custom Entity Records

1

Entities - Custom

 

Customization

Entity = (Write)

Yammer Collaboration

1

Yammer

 

Customization:Configure Yammer

Administer CRM

0

CRM

 

Article Templates

0

Articles - Templates

 

Service

Article Templates = No

Competitor Tracking

0

Competitors

Read

Sales

Competitor = Read

Configure Auditing

0

Auditing

 

Core

Delete Audit Partitions = No,
View Audit History,
View Audit Partitions,
View Audit Summary

Configure Duplicate-Detection Rules

0

Duplicate-detection rules

 

Core

Duplicated Detection Rule = No

Configure SLA Policies

0

SLA Policies

 

?

Contract Management

0

Contracts

Read

Service

Contract = (Read)

Contract Templates

0

Contracts - Templates

 

Service

Contract Template = No

Convert an Activity to an Opporturity

0

Opportunities

Read

Core

Opportunities = (Read)

Create and Publish Articles

0

Articles

 

Service

Create = No,
Publish Articles = No

Create CRM Forms, Entities, Fields

0

Forms, entities, fields

 

Customization

Entity = (NOT Create),
Field = (NOT Create)

Customize Forms and Views

0

Forms, Views

 

Customization

System Form = No

Define and Configure
Business Units

0

Business Units

 

Business Management

Business Unit = No, 
Enable or Disable a
Business Unit,
Reparent Business Unit

Define and Configure
Dialogs

0

Dialogs

 

Customization

Activate Real-time
Processes = No,
Activate Business Rules = No

Define and Configure
Queues

0

Queues

 

Core

Queue/Create = No

Define and Configure
Workflows

0

Workflows

 

Customization

Activate Business Process
Flows = No,
Activate Real-time
Processes = No,
Activate Business Rules = No

Define and Configure
Services, Resources, and Work Hours

0

Services, Resources, and Work Hours

Read

?

Define and Configure
Teams

0

Teams

 

Business Management

Team = No

Define Relationships Entities

0

Relationships

 

Core?

Relationship Role,
Opportunity Relationship,
Customer Relationship

Facility/Equipment Management

0

Facilities, Equipment

Read

Service Management

Facility/Equipment = No

Goal Management

0

Goals

Read

Business Management

Goal = No,
Goal Metric = No,
Perform in sync rollups
on goals = No

Import Data in Bulk

0

Data - import - Bulk

 

Core

Data Import = No

Invoice Management

0

Invoices

Read

Sales

Invoice = No,
Override Invoice Pricing = No,
Override Quote Order
Invoice Delete = No

Marketing Campaigns

0

Marketing campaigns

Read

Marketing

Campaign = No,
Create Quick Campaign = No

Marketing Lists

0

Marketing lists

Read

Marketing

Marketing List = No

Opporturity Tracking

0

Opportunities

Read

Core

Opportunities = Read

Order Management

0

Orders

Read

Sales

Order = No (or Read)

Price Lists

0

Price lists

Read

Service?

Product Tracking

0

Products

Read

Sales

Product

Qualify and Convert a
Lead to an Opporturity

0

Opportunities

Read

Core

Opportunities = (Read)

Quick Campaigns

0

Quick campaigns

Read

Marketing

Create Quick Campaign = No

Quote Management

0

Quotes

Read

Sales

Quote = (Read)

Sales literature

0

Sales literature

 

Sales

Sales literature = No

System Reports, System Charts, System Dashboards

0

Reports, Charts, Dashboards - System

Read

Customization

System Chart = No

Territory management

0

Territories

 

Sales

Territory = No
(Business Management:Assign Territory to User)

See also

  • Create or edit a security role - link
  • CRM Online Service Description - http://technet.microsoft.com/en-us/library/microsoft-dynamics-crm-online-service-description.aspx

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment