locked
Setting Customer ownership, best practice? RRS feed

  • Question

  • Looking for ideas of who to set as the owner for customer records that are used companywide within CRM. The customer ecords need to be read only (though activities and releationships may be added to the records, but only a small number of users should be able to amend the records.

    Also when users themselves create customer records that need to be available to all whats the best way to do it?
    Tuesday, March 3, 2009 9:34 AM

Answers

  • The security context in Microsoft CRM can handle your situation with a few quick changes to the security roles. 

    The bigger question on Customer ownership, best practice really depends on your companies situation.  I can give you some things to think about but without the full description of you security requirements and processes you want to facilitate with CRM I cannot tell you what the best practice is for your implementation.  The real best practice is to fully understand your needs and your options in CRM and how those options affect how the system will work for you. With that here are some of the questions you need to ask and answer and some of your options.

    The Account entity and Contact Entity in Microsoft CRM are user owned and the security can therefore be enforced at multiple layers depending on the size and complexity of who should be able to create, read, write, delete, append, append to, assign, or share. 

    From your e-mail it sounds like your security requirements are as such, you have two types of users
    User Group A - Should be able to see all account records but not edit them, even though they cannot edit the records they should be able to append and append to other objects to the accounts.  
    User Group B - Should be able to see and edit all account records, should be able to create new account records   

    These security rolls defined would end up with
    Group A 
    create (?"none"or"user"), read(organization), write(?"none"or"user"), delete(?), append(organization), append to(organization), assign(?), share(?)
    Group B
    create (organization), read(organization), write(organization), delete(?), append(organization), append to(organization), assign(?), share(?)

    What is not answered is......
    Should user Group A be able to create Account records?  If they can create account records should they be able to edit the account records they create?  
    Should user Group B be able to grant writes to certain users in group A the right to edit specific accounts?
    Should either group ever be able to delete?

    With building the roles where Group A can see all accounts organization wide no matter who owns them they can see and attach things to them.  You then just have to answer the rest of the questions to figure out the rest of the roles. 

    Now who should own the accounts in your system.  The practice we see allot of the time is if there is someone in charge of interaction with a certain account then they should probably be the owner of that account in CRM.  This usually works with the security you define.  Now in some cases there is a large number of accounts that are considered "house" accounts or all of your accounts are truly not owned by anyone and they really are common accounts.  This works fine with this security if you either assign all accounts to one person or create a new house account to assign all of the accounts to.  There are a few things to consider when creating a new account to assign all accounts to.
    1. You could need to buy another license for that user account.
    2. You then have to create a workflow on create of an account to assign it to the house account. Not difficult but must get done to keep all past and future accounts that get created assigned to the house account. 
    3. If you do allow group A to create accounts once it gets saved it gets reassigned to the house account they will lose their right to change it unless you have the system share the account back to the original owner. (there is a setting in Microsoft CRM that allows this)    

    Another option is to choose someone to to assign all of the accounts to on import and leave the owners going forward to be assigned to whoever creates them.  The major thing to think about with this approach is if you also assign all contacts to a single user when populating the database you will want to work with them to modify there local data settings if they use the outlook client and synchronize their contacts between CRM and Outlook because the default settings is to synchronize all my contacts and if they own all the contacts that is allot of contacts that will get synchronized to their Outlook contacts.

    Basically it comes down to understanding your options and the implications of each option.  I hope this discussion helped.  If you want to clarify things more give us some more details and we can take a quick stab at a recommendation based on the information you provide.
     
    Later
         Hoss
     
    Tuesday, March 3, 2009 6:37 PM

All replies

  • Depending on the size of the company you could make the owner of the record a person who is more widely centralized. For instance a person who assists many team members. Your other option is to add a CRM User for such purposes but that would use a license.

    Anne
    Tuesday, March 3, 2009 5:57 PM
  • The security context in Microsoft CRM can handle your situation with a few quick changes to the security roles. 

    The bigger question on Customer ownership, best practice really depends on your companies situation.  I can give you some things to think about but without the full description of you security requirements and processes you want to facilitate with CRM I cannot tell you what the best practice is for your implementation.  The real best practice is to fully understand your needs and your options in CRM and how those options affect how the system will work for you. With that here are some of the questions you need to ask and answer and some of your options.

    The Account entity and Contact Entity in Microsoft CRM are user owned and the security can therefore be enforced at multiple layers depending on the size and complexity of who should be able to create, read, write, delete, append, append to, assign, or share. 

    From your e-mail it sounds like your security requirements are as such, you have two types of users
    User Group A - Should be able to see all account records but not edit them, even though they cannot edit the records they should be able to append and append to other objects to the accounts.  
    User Group B - Should be able to see and edit all account records, should be able to create new account records   

    These security rolls defined would end up with
    Group A 
    create (?"none"or"user"), read(organization), write(?"none"or"user"), delete(?), append(organization), append to(organization), assign(?), share(?)
    Group B
    create (organization), read(organization), write(organization), delete(?), append(organization), append to(organization), assign(?), share(?)

    What is not answered is......
    Should user Group A be able to create Account records?  If they can create account records should they be able to edit the account records they create?  
    Should user Group B be able to grant writes to certain users in group A the right to edit specific accounts?
    Should either group ever be able to delete?

    With building the roles where Group A can see all accounts organization wide no matter who owns them they can see and attach things to them.  You then just have to answer the rest of the questions to figure out the rest of the roles. 

    Now who should own the accounts in your system.  The practice we see allot of the time is if there is someone in charge of interaction with a certain account then they should probably be the owner of that account in CRM.  This usually works with the security you define.  Now in some cases there is a large number of accounts that are considered "house" accounts or all of your accounts are truly not owned by anyone and they really are common accounts.  This works fine with this security if you either assign all accounts to one person or create a new house account to assign all of the accounts to.  There are a few things to consider when creating a new account to assign all accounts to.
    1. You could need to buy another license for that user account.
    2. You then have to create a workflow on create of an account to assign it to the house account. Not difficult but must get done to keep all past and future accounts that get created assigned to the house account. 
    3. If you do allow group A to create accounts once it gets saved it gets reassigned to the house account they will lose their right to change it unless you have the system share the account back to the original owner. (there is a setting in Microsoft CRM that allows this)    

    Another option is to choose someone to to assign all of the accounts to on import and leave the owners going forward to be assigned to whoever creates them.  The major thing to think about with this approach is if you also assign all contacts to a single user when populating the database you will want to work with them to modify there local data settings if they use the outlook client and synchronize their contacts between CRM and Outlook because the default settings is to synchronize all my contacts and if they own all the contacts that is allot of contacts that will get synchronized to their Outlook contacts.

    Basically it comes down to understanding your options and the implications of each option.  I hope this discussion helped.  If you want to clarify things more give us some more details and we can take a quick stab at a recommendation based on the information you provide.
     
    Later
         Hoss
     
    Tuesday, March 3, 2009 6:37 PM