Remove From My Forums

CRM Security Architecture

Question
0

Sign in to vote

I was curious what the best security architecture would be in CRM 2011 for functionality and application. I know it's going to vary by company and implementation, but is there a good baseline to start with when applying Security Roles and Field Security Profiles to business units, teams, and users?

For example, we have a single organization and single business unit with users from several different departments using resources and security roles/field security profiles applied per user. Would it be more practical to split each department into its own child business unit (of primary business unit) and apply security on a business unit level?

Thursday, November 8, 2012 5:34 PM

Answers

0

Sign in to vote
It really depends on your needs...

Business Units should only be used if:

you got a requirement to prevent people from 1 department to view/write/delete another departments records
you got a requirement to make reports on department levels and want a simple way to create departments in CRM

Otherwise... dont start using it.. because using Business units can also present some challenges with security roles.
Rune Daub Senior Consultant - Dynateam CRM http://www.xrmmanagement.com
- Proposed as answer by Maryna ButenkoEditor Friday, November 9, 2012 1:10 PM
- Marked as answer by Josh Waclawski Friday, November 9, 2012 1:11 PM
Thursday, November 8, 2012 7:20 PM

All replies

0

Sign in to vote
It really depends on your needs...

Business Units should only be used if:

you got a requirement to prevent people from 1 department to view/write/delete another departments records
you got a requirement to make reports on department levels and want a simple way to create departments in CRM

Otherwise... dont start using it.. because using Business units can also present some challenges with security roles.
Rune Daub Senior Consultant - Dynateam CRM http://www.xrmmanagement.com
- Proposed as answer by Maryna ButenkoEditor Friday, November 9, 2012 1:10 PM
- Marked as answer by Josh Waclawski Friday, November 9, 2012 1:11 PM
Thursday, November 8, 2012 7:20 PM
0

Sign in to vote

Okay, that makes sense.

Also, I can't recall off the top of my head, do teams require a security role be applied to them? I've read that security roles aren't exactly transitive when applied to teams, so I was thinking of using them simple as containers for organization's sake since we'll need to apply roles and profiles at a user level. Doing this will essentially allow me to add specific users to a group and edit their Security Role/Field Security Profiles in bulk.

Correct me if I'm wrong.

Thursday, November 8, 2012 7:24 PM
0

Sign in to vote
Unfortunetly you are a little wrong.

For the user to be able to login, the user MUST have a security role related directly to that user that contains the minimal access settings. Otherwise the user cant login.

But as long as you give the individual user a minimal user setting role.. then you can create teams and give the teams userroles and thereby do the bulk security profiles as you call them.

With that said... Teams is something that is MAINLY used for getting around the conventional security shortcommings with business units.
Rune Daub Senior Consultant - Dynateam CRM http://www.xrmmanagement.com
- Proposed as answer by Neil BensonMVP, Moderator Friday, November 9, 2012 3:32 AM
Thursday, November 8, 2012 8:47 PM

Answered by:

CRM Security Architecture

Question

Answers

All replies