locked
Permissions Loop hole or "Design Feature" RRS feed

  • Question

  • Hi  - I am in the process of deploying CRM 4.0.  I have come across an issue with permissions and I am looking for some help. 

     We want to restrict people so that they cannot copy our list of customers to excel etc.  While we have removed reporting, exporting etc from within CRM (all works fine), I have noticed that from within outlook a user can change their "local data group" setting so that they can sync the entire data base of contacts to outlook - therefore they can copy the lot to a spreadsheet and off they go!

    I have set the permissions on their role to only allow update etc to their OWN records, yet the outlook ability is unaffected - anyone got any idea's?

    Wednesday, March 3, 2010 3:29 PM

Answers

  • Ultimately a user could get a pen and paper and write down all records they have access to, or screenshot them. If you want to restrict users from stealing data, limit their access to it. In other words make it such that users can only see the records they own. The disadvantage is the possibility of creating duplicate records in the system but this is the price paid for not trusting employees to honour their employment contracts.

    Leon Tribe

    Want to hear me talk about all things CRM? Check out my blog

    http://leontribe.blogspot.com/

    or hear me tweet @leontribe


    Want to hear me talk about all things CRM? Check out my blog http://leontribe.blogspot.com/ or hear me tweet @leontribe
    • Proposed as answer by Leon TribeMVP Wednesday, March 3, 2010 8:59 PM
    • Marked as answer by Jim Glass Jr Friday, March 5, 2010 9:14 PM
    Wednesday, March 3, 2010 8:59 PM

All replies

  • Personally I don't think that trying to configure the system to restrict the ability to export data is the way to solve the problem of users making off with data; processes and legal constraints are a more appropriate approach.

    Having said that, you could remove the Write permission from the Saved View entity. This should stop the users from editing the Local Data Group
    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk
    Wednesday, March 3, 2010 8:53 PM
    Moderator
  • Ultimately a user could get a pen and paper and write down all records they have access to, or screenshot them. If you want to restrict users from stealing data, limit their access to it. In other words make it such that users can only see the records they own. The disadvantage is the possibility of creating duplicate records in the system but this is the price paid for not trusting employees to honour their employment contracts.

    Leon Tribe

    Want to hear me talk about all things CRM? Check out my blog

    http://leontribe.blogspot.com/

    or hear me tweet @leontribe


    Want to hear me talk about all things CRM? Check out my blog http://leontribe.blogspot.com/ or hear me tweet @leontribe
    • Proposed as answer by Leon TribeMVP Wednesday, March 3, 2010 8:59 PM
    • Marked as answer by Jim Glass Jr Friday, March 5, 2010 9:14 PM
    Wednesday, March 3, 2010 8:59 PM