Security CRM 2
-
Upload
deepak-kumar -
Category
Documents
-
view
215 -
download
0
Transcript of Security CRM 2
-
8/9/2019 Security CRM 2
1/21
Proteans Software Solutions
CRM Security
And
General CRM Settings
-
8/9/2019 Security CRM 2
2/21
www.proteans.com
ContentsContents
Security Model
How the CRM Security Model Works
Authentication
Authorization
General CRM Settings: Administration
General CRM Settings: Business Management
-
8/9/2019 Security CRM 2
3/21
www.proteans.com
Security ModelSecurity Model
Microsoft Dynamics CRM provides you with a security model that protects data integrity and privacyand supports efficient data access and collaboration. The goals of the model are as follows
Supports a licensing model for users.
Provides users with access only to the information that they require to do their jobs
Categorizes types of users by role and restrict access based on those roles.
Prevents users from accessing objects that they do not own or share.
Supports data sharing by providing the ability to grant users with access to objects that they do not
own to participate in a specified collaborative effort.
-
8/9/2019 Security CRM 2
4/21
www.proteans.com
How the CRM Security Model WorksHow the CRM Security Model Works
The two major aspects of a security model are authentication and authorization.
Authentication is the process of determining if a user is who he or she claims to be. Authentication
is accomplished by using a well known Identity (username) and a secret, something only the user
knows (e.g. password). If the user is authenticated, the system grants the user access to the extent
specified in the permission list for that user.
Authorization is the right granted to a user (or group of users) to access the system and the datastored on it. In other words, the authorization process determines which data a user can access
-
8/9/2019 Security CRM 2
5/21
www.proteans.com
Authentication MethodsAuthentication Methods
Microsoft Dynamics CRM 4.0 supports a variety of authentication methods to accommodate the various CRM
deployment models. Each authentication method is applicable to one or more CRM deployment models, as
shown in the following table
-
8/9/2019 Security CRM 2
6/21
www.proteans.com
AuthorizationAuthorization
To determine the extent to which users have access to the system and the resources it stores, MicrosoftDynamics CRM leverages two complementary security mechanisms:
Role-based security in Microsoft Dynamics CRM focuses on grouping a set of privileges together
that describe the tasks that are performed for a user in a specific job function. The basic concepts of
role-based security include the following:
Users are assigned one or more roles based on their job function or tasks
Roles are associated with permissions (privileges and access levels) for the different business
objects (entities)
Users gain access to entities or groups of entities in the system via membership in a role that
has been assigned the necessary privileges and access levels to perform the users jobs
Object-based security in Microsoft Dynamics CRM focuses on how users gain access to individual
instances of business objects (entities).
-
8/9/2019 Security CRM 2
7/21
www.proteans.com
RoleRole--based securitybased security
Role-based security in Microsoft Dynamics CRM is based on the interaction of privileges and access
levels, which work together through the use of security roles.
Privileges define what actions a user can perform on each entity in Microsoft Dynamics CRM.
Privileges are pre-defined in Microsoft Dynamics CRM and cannot be changed; examples of privileges
include Create, Read, Write, and Delete.
Access levels indicate which records associated with each entity the user can perform actions upon.
Although default access levels are assigned to each privilege, the access level can be changed
-
8/9/2019 Security CRM 2
8/21
www.proteans.com
Roles Based Security: PrivilegesRoles Based Security: Privileges
The privileges that apply to most entity types in Microsoft Dynamics CRM are described in thefollowing table.
-
8/9/2019 Security CRM 2
9/21
www.proteans.com
Roles Based Security: Access levelsRoles Based Security: Access levels
The access level associated with a privilege determines (for a given entity type) the levels withinthe organizational hierarchy at which a user belonging to a specific role can act on that type of
entity.
-
8/9/2019 Security CRM 2
10/21
www.proteans.com
Microsoft CRM Security RolesMicrosoft CRM Security Roles
Microsoft Dynamics CRM includes a set of pre-defined security roles that reflect common user roles.Each security role is associated with a set of privileges that determines the user's access to
information within the company.
-
8/9/2019 Security CRM 2
11/21
www.proteans.com
Security Role: Privileges and access levelsSecurity Role: Privileges and access levels
The privileges and access levels that are associated with the Customer Service Representative role atContoso are shown in the following screenshot
-
8/9/2019 Security CRM 2
12/21
www.proteans.com
ObjectObject--based Security:based Security: Access Rights
Object-based security applies to individual instances of entities and is provided by using accessrights. The relationship between an access rightand a privilege is that access rights apply only
after privileges have taken effect. An access right is granted to a user for a particular entity instance.
The following table describes the access rights that are provided in Microsoft Dynamics CRM 4.0
-
8/9/2019 Security CRM 2
13/21
www.proteans.com
ObjectObject--based Security: Sharing Entitybased Security: Sharing Entity
InstancesInstances
Sharing Entity
Sharing provides the ability for users to allow other users or teams access to specific customer
information, which can be useful for sharing data with users that are assigned to roles that have only
the User access level.
Consider the following example:
Bob and Ted are both assigned the Salesperson role, which has User Read and Write access to
accounts
Ted owns Account B and shares Opportunity 1 with Bob, with Read rights Bob can now read Opportunity 1, but not Account B
-
8/9/2019 Security CRM 2
14/21
www.proteans.com
ObjectObject--based Security: Sharing Entitybased Security: Sharing Entity
InstancesInstances
Capability Description
Share A user who has share privileges on a given entity type can share
instances of that type with any other user or team in Microsoft Dynamics
CRM.
Share rights To share an entity instance with another user, grant access rights (Read,
Write, Delete, Append, Assign, and Share) to the other user for that entity
instance. Access rights on a shared entity instance can be different foreach user with whom the entity instance is shared. However, you cannot
grant a user rights that he or she would not automatically have for that
type of entity based on the role assigned to that user. For example, when
you share an account with a user that does not have Read privileges on
accounts, the user will not be able to see that account.
Modify share Alter the rights granted to a shared entity instance after it has been
shared.
Remove share When you share an entity instance with another user or team, you can
stop sharing the instance at a later time. After you remove sharing for an
entity instance, the other user or team loses access rights to the instance.
-
8/9/2019 Security CRM 2
15/21
www.proteans.com
ObjectObject--based Security: Assigning Entitybased Security: Assigning Entity
InstancesInstances
Assigning Entity
Anyone with Assign privileges on an entity instance can assign that object to another user. When an
entity instance is assigned to a new user.
The new user becomes the owner of the entity instance and its related entity instances.
The original user loses ownership of the entity instance but automatically shares it with the new
owner.
-
8/9/2019 Security CRM 2
16/21
www.proteans.com
General CRM SettingsGeneral CRM Settings
Administration
Business Management
-
8/9/2019 Security CRM 2
17/21
www.proteans.com
General CRM Settings: AdministrationGeneral CRM Settings: Administration
AnnouncementAn announcement is a message that appears to all users on the home page of the Web application. Announcements are
owned by the organization.
Auto-Numbering
Contracts, cases, knowledge base articles, quotes, orders, invoices, and marketing campaigns are automatically
numbered by Microsoft Dynamics CRM. Microsoft Dynamics CRM automatically generates unique numbers for
selected record types, such as contracts and cases. If your organization has standard numbering formats, you can
change the default 3-character prefixes, and you can change how the numbers are constructed to match your
organization.BusinessUnits
A business unitis a unit of the top-level organization. Business units can be parents of other business units (child
business units). The first business unit created for an organization is called the root business.
A business unit basically is a group of users. Large organizations with multiple customer bases often use multiple
business units to control data access and define security roles so that users can access records only in their own
business unit. Here you can Create new business units, Change a parent business unit and Disable a business unit.
Security Roles
Security roles are predefined groups of common privileges based on the types of tasks users perform.Defined sets of privileges. The security role assigned to a user determines which tasks the user can perform and which
parts of the user interface the user can view. All users must be assigned at least one security role in order to access the
system
-
8/9/2019 Security CRM 2
18/21
www.proteans.com
General CRM Settings: AdministrationGeneral CRM Settings: Administration
System SettingsUse can use the system setting to do the following settings on
General
Set the options that affect how names and currency are displayed, how records are shared, and if attachments
are allowed.
Formats
Set the regional format for how numbers, currency, time, and dates are displayed.
E-mail
Set the options that control how e-mail is tracked and managed. Marketing
Set the options that control how marketing campaign e-mail features are managed.
Customization
Set the prefix for the names of new entities.
Outlook
Set the options for how users can synchronize with Microsoft Dynamics CRM for Outlook .
Reporting
Specify report categories.
Team
A team is a group of users who share and collaborate on business records. A team can consist of members who all
report to one business unit or members who report to different business units. ). A team cannot be deleted after it is
created. However, you can deactivate a team by removing all the members from the team. To reactivate the team in the
future, just add new members to it.
-
8/9/2019 Security CRM 2
19/21
www.proteans.com
General CRM Settings: AdministrationGeneral CRM Settings: Administration
UsersManage a User's Record.Use this list to add, edit, enable and disable users ( People who have active user accounts in
Microsoft Dynamics CRM. ) , assign security roles and change business units or managers for a user. You can also
manage a user's working hours for scheduling.
Languages
Use this for settings to enable or disable the language
-
8/9/2019 Security CRM 2
20/21
www.proteans.com
General CRM Settings: Business ManagementGeneral CRM Settings: Business Management
Fiscal yearFiscal year options affect the way in which your organization's data is stored in the Microsoft Dynamics CRM database.
Therefore, you can set the fiscal year options only once. You cannot change these settings after you have set them.
Facilities / Equipment
Facilities and equipment are types of resources i.e.Users that perform a service, or the equipment or facilities that
are required for a service. used to create selection rules for services.
Resource Groups
Use resource groups to group users, and equipment as part of the selection rules for a service .
Services
A service is a type of work performed for a customer by one or more resources. Services are schedulable activities. It
is used as part of a service .A service activity uses one or more resources to perform a service at a specific time and
place.
Subjects
Subjects are the Categories used in a hierarchical list to correlate and organize information. Subjects are used in the
subject tree to organize products, sales literature, and knowledge base articles. They are used in cases, sales literature,
products, and articles.
Currencies
Currencies determine the prices for products in the product catalog and the cost of transactions, such as sales orders.
You can add as many currencies as are necessary for your organization, but you cannot change the base currency after
it has been set.
-
8/9/2019 Security CRM 2
21/21
www.proteans.com
General CRM Settings: Business ManagementGeneral CRM Settings: Business Management
SitesThe site is a business location to which resources are assigned. A site is used to ensure that all resources required for
a service are in the same physical location. It determines where a can be provided. Sites are used for service
scheduling.
Sales Territories
A segment of an organization's market that is assigned to a salesperson or a group of salespeople. You can assign one
sales territory per user.
Queues
Holding containers for activities that need to be completed. There are queues that contain cases and activities in the
Workplace, and queues of articles in the knowledge base. There are two standard queues In Progress and Assigned.
Business Closures
A period of time that the entire business is closed and service activities cannot be made. You can use a business
closure to block when someone can schedule an appointment or service.
Relationship Roles
Relationship roles represent standard labels that can be used to identify relationships that exist between accounts,
contacts, and opportunities.