locked
security risk with access to CRM database RRS feed

  • Question

  •  

    Hi I have a question regarding protecting CRM data based on security role and filtered views.

    When CRM users are  doman users and the filtered views are based on the current user context. Based on the current user accessing the data, MS CRM will diplay only accessible data , based on the security settings (role, business units). I belive the way the MS CRM database works , with windows and sql autehntication,  will let any domain users connect to the database with their credentials and potentially query any base table removing any security filtering logic..Is this correct? if so what settings should we follow  to prevent this?

    Friday, September 5, 2008 1:05 PM

All replies

  • No, that is not correct.  The base rights for users will not give them access tot he tables, only the filtered views.  CRM does not leverage SQL auth for anything.

     

    Friday, September 5, 2008 4:08 PM
  • Thanks Matt for replying.

     

    I was concerned the users could create a SQL server regitration to the CRM database using their domain credentials..

     

     

     

     

    Friday, September 5, 2008 4:27 PM